This file provides clear instructions on how to report security vulnerabilities responsibly. This is essential for protecting your project and its users.

Use this section to tell people which versions of your project are currently being supported with security updates.

| Version | Supported |
|---|---|
| 1.0.0+ | ✅ |
| < 1.0.0 | ❌ |

If you discover a security vulnerability, we want to know about it right away. Please do not create a public GitHub issue. Instead, please email us directly at [your-email@example.com]. To ensure the security of your communication, please use our PGP key, available here: [link-to-your-pgp-key].

We ask that you follow these guidelines when reporting:
- Provide a clear and detailed description of the vulnerability.
- Include steps to reproduce the issue.
- If possible, provide a proof-of-concept.

We appreciate your effort in helping to keep this project secure!

We use the Common Vulnerability Scoring System (CVSS) to rate the severity of reported vulnerabilities. This helps us prioritize and address issues based on their potential impact.

We are committed to a timely and transparent process for handling security reports. Our goal is to work with you to ensure a fix is in place before the vulnerability is made public.
- Within 24 hours: Acknowledge receipt of the report.
- Within 72 hours: Provide an initial assessment and a rough timeline for a fix.
- Within 90 days: Release a fix and publicly disclose the vulnerability. We ask that you do not publicly disclose the vulnerability before this timeline has elapsed.

We want to thank the following individuals for their responsible disclosure of vulnerabilities, helping to make this project more secure:
- [Researcher Name 1]
- [Researcher Name 2]
- [Add your name here]