This project follows a best-effort security support model. Only the latest stable version of the project is actively maintained and receives security updates.

| Version | Supported |
|---|---|
| Latest | ✅ Yes |
| Older | ❌ No |

If you discover a security vulnerability, please do not open a public issue. Instead, report it responsibly using one of the following methods:
- Private message to the maintainer (if applicable)

When reporting a vulnerability, include as much detail as possible:
- A clear description of the issue
- Steps to reproduce the vulnerability
- Affected versions
- Potential impact
- Any proof-of-concept (PoC), if available

You can expect an initial response within 48–72 hours.

Once a vulnerability is reported:
- The issue will be reviewed and validated.
- A fix or mitigation will be developed.
- A patched release will be published if necessary.
- The reporter may be credited, unless anonymity is requested.

Public disclosure will occur only after a fix is available, or when mitigation guidance has been provided.

We encourage contributors and users to follow basic security practices:
- Keep dependencies up to date
- Avoid committing secrets (API keys, tokens, passwords)
- Use environment variables for sensitive configuration
- Review third-party libraries before adding them

This security policy applies to:
- Source code
- Configuration files
- Build and deployment scripts

It does not cover:
- Third-party services
- Infrastructure managed outside this repository

Thank you for helping keep this project and its users secure.