Skip to content

Security: Mane087/markdown_editor

Security

SECURITY.md

Security Policy

Supported Versions

This project follows a best-effort security support model. Only the latest stable version of the project is actively maintained and receives security updates.

Version Supported
Latest ✅ Yes
Older ❌ No

Reporting a Vulnerability

If you discover a security vulnerability, please do not open a public issue. Instead, report it responsibly using one of the following methods:

  • Private message to the maintainer (if applicable)

When reporting a vulnerability, include as much detail as possible:

  • A clear description of the issue
  • Steps to reproduce the vulnerability
  • Affected versions
  • Potential impact
  • Any proof-of-concept (PoC), if available

You can expect an initial response within 48–72 hours.


Disclosure Process

Once a vulnerability is reported:

  1. The issue will be reviewed and validated.
  2. A fix or mitigation will be developed.
  3. A patched release will be published if necessary.
  4. The reporter may be credited, unless anonymity is requested.

Public disclosure will occur only after a fix is available, or when mitigation guidance has been provided.


Security Best Practices

We encourage contributors and users to follow basic security practices:

  • Keep dependencies up to date
  • Avoid committing secrets (API keys, tokens, passwords)
  • Use environment variables for sensitive configuration
  • Review third-party libraries before adding them

Scope

This security policy applies to:

  • Source code
  • Configuration files
  • Build and deployment scripts

It does not cover:

  • Third-party services
  • Infrastructure managed outside this repository

Thank you for helping keep this project and its users secure.

There aren't any published security advisories