Skip to content

Security: compatibility-fyi/compatibility.fyi

SECURITY.md

Security Policy

Reporting a vulnerability

Please report suspected vulnerabilities privately through GitHub Security Advisories. Do not open a public issue for an unpatched vulnerability.

Include the affected URL or component, reproduction steps, expected impact, and any suggested mitigation. Reports will be acknowledged and assessed as soon as practical for this community-maintained project.

Supported version

Security fixes are applied to the deployment built from the master branch. Older commits and self-hosted copies are not maintained as separate security release lines.

Scope

The public website, HTTP API, build pipeline, and compatibility metadata processing are in scope. Reports about vulnerabilities in upstream projects referenced by the catalog should be sent to those projects instead.

There aren't any published security advisories