If you discover a security vulnerability in this project, please report it by:
- Creating an issue in our GitHub repository or
- Sending an email to me with details about the vulnerability
Please include as much information as possible:
- Type of issue
- Full paths of source file(s) related to the issue
- Location of the affected source code
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue
Disclaimer: While Bernardo maintains this template project, he is not responsible for any damages resulting from the use of this software. This project is provided "as is" without warranty of any kind.
We encourage community participation in security. Feel free to open a pull request if you find a bug or security issue. Your contributions help make this project more secure for everyone.
Security updates will be released as patches to supported versions as soon as possible after a vulnerability is confirmed. We will make a reasonable effort to notify users of the affected versions.
When we receive a security report, we will:
- Confirm the vulnerability
- Determine affected versions
- Develop and test a fix
- Release patches for all supported versions
- Notify the community about the vulnerability
We aim to respond to vulnerability reports within 48 hours and issue patches within 14 days for critical issues.
- We regularly update our dependencies
- We use automated security scanning tools
- We follow secure coding practices
- We conduct regular code reviews
Thank you for helping keep our project safe!