Security Policy Supported Versions We take security seriously and actively maintain security updates for the following versions: VersionSupported
Reporting a Vulnerability We appreciate the security community's efforts in responsibly disclosing vulnerabilities. If you discover a security issue, please follow these guidelines: Where to Report DO NOT open a public GitHub issue for security vulnerabilities. Instead, report security issues through one of the following channels:
Email: abir.abbas@proton.me Security Advisory: Use GitHub's private vulnerability reporting feature
What to Include Your report should include:
Description of the vulnerability and its potential impact Detailed steps to reproduce the issue Affected versions Any proof-of-concept code (if applicable) Your contact information for follow-up questions
Response Timeline
Initial Response: Within 48 hours of submission Status Updates: Every 5-7 business days until resolution Resolution Target: 90 days for critical vulnerabilities, 120 days for lower severity issues
What to Expect If the vulnerability is accepted:
We'll work with you to understand and reproduce the issue We'll develop and test a fix We'll coordinate a disclosure timeline with you You'll be credited in our security advisory (unless you prefer to remain anonymous) If eligible, we may offer a bug bounty reward
If the vulnerability is declined:
We'll provide a detailed explanation of why it's not considered a security issue We may suggest alternative reporting channels if appropriate We'll still appreciate your effort and maintain confidentiality
Security Best Practices When using this project:
Always use the latest supported version Enable automatic security updates where possible Follow our configuration guidelines in the documentation Use strong authentication mechanisms Keep dependencies up to date Monitor our security advisories at GitHub Security Advisories
Disclosure Policy
We follow a coordinated disclosure approach Security fixes are released as soon as they're ready and tested Public disclosure occurs 7 days after patch release, or sooner if the vulnerability is being actively exploited We credit researchers who report vulnerabilities responsibly
Security Hall of Fame We maintain a Security Hall of Fame to recognize researchers who have helped improve our security.
Questions? Contact us at abir.abbas@proton.me