We take security seriously and will address vulnerabilities in the following versions:

| Version | Supported |
|---|---|
| Latest | ✅ |
| < Latest | ❌ |

We recommend always using the latest version to ensure you have the most recent security updates.

If you discover a security vulnerability, please report it responsibly:

- Do NOT open a public GitHub issue for security vulnerabilities
- Send a detailed report to: thomasvincent@gmail.com
- Include the following information:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if you have one)
- Response Time: We aim to respond within 48 hours
- Status Updates: We'll keep you informed about the progress
- Credit: Security researchers will be credited (unless they prefer to remain anonymous)
- Timeline: We strive to release fixes within 7-14 days for critical vulnerabilities

When using this project:

- Always use the latest stable version
- Keep dependencies up to date (Dependabot is enabled)
- Follow the principle of least privilege
- Review security advisories regularly
- Enable security alerts in your fork/clone

This repository includes:

- ✅ Dependabot security updates
- ✅ Secret scanning (for public repositories)
- ✅ Regular dependency updates
- ✅ Code review requirements (where applicable)

- Coordinated Disclosure: We follow responsible disclosure practices
- Public Disclosure: Vulnerabilities are disclosed publicly after a fix is released
- CVE Assignment: Critical vulnerabilities may be assigned CVE identifiers

We appreciate security researchers who help us keep our projects secure. Contributors will be listed here (with permission):

Thank you for helping keep this project and its users safe!