We take the security of our project seriously. If you believe you have found a security vulnerability, please report it to us privately. Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
Important Note: Any code within the
classic/folder is considered legacy, unsupported, and out of scope for security reports. We will not address security vulnerabilities in this deprecated code.
Instead, please report them via:
- GitHub Security Advisory
- Huntr.dev - where you may be eligible for a bounty
- Submit Report: Use one of the above channels to submit your report
- Response Time: Our team will acknowledge receipt of your report within 14 business days.
- Collaboration: We will collaborate with you to understand and validate the issue
- Resolution: We will work on a fix and coordinate the release process
- Please provide detailed reports with reproducible steps
- Include the version/commit hash where you discovered the vulnerability
- Allow us a 90-day security fix window before any public disclosure
- Share any potential mitigations or workarounds if known
Only the following versions are eligible for security updates:
| Version | Supported |
|---|---|
| Latest release on master branch | ✅ |
| Development commits (pre-master) | ✅ |
| Classic folder (deprecated) | ❌ |
| All other versions | ❌ |
When using this project:
- Always use the latest stable version
- Review security advisories before updating
- Follow our security documentation and guidelines
- Keep your dependencies up to date
- Do not use code from the
classic/folder as it is deprecated and unsupported
For a list of past security advisories, please visit our Security Advisory Page and Huntr Disclosures Page.
Last updated: November 2024