Sprint is under active development and considered [EXPERIMENTAL].
Security updates will be prioritized for the latest version only.
| Version | Supported |
|---|---|
| Latest | ✅ Yes |
| Older | ❌ No |
If you discover a security vulnerability in Sprint, please report it responsibly.
- Open a public GitHub issue for security vulnerabilities.
- Share exploit details publicly before a fix is available.
- Report the issue privately.
- Provide as much detail as possible:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
Please report security issues via:
- GitHub Security Advisories (recommended)
- Or contact the maintainers privately through the project’s official channels.
If applicable, you may also use the project’s official communication channels listed in the repository.
Sprint is designed with the following principles:
- Minimal attack surface by default
- Secure headers enabled automatically
x-powered-bydisabled- CORS configurable
- Rate limiting support
- Environment-based configuration
- Explicit route structure
- No hidden magic behavior
Sprint is currently experimental.
Breaking changes may occur until the first stable release.
Security improvements may be introduced frequently.
We appreciate responsible disclosure.
Security contributors may be acknowledged publicly if desired.
Thank you for helping keep Sprint secure.