| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| < 1.0 | ❌ |
If you discover a security vulnerability in zonfig, please report it responsibly:
- Do not open a public GitHub issue
- Use GitHub Security Advisories with:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)
- Acknowledgment: Within 48 hours
- Initial Assessment: Within 1 week
- Resolution: Depends on severity, typically 2-4 weeks
When using zonfig:
- Never commit secrets to version control
- Use environment variables for sensitive configuration
- Validate all configuration at startup
- Keep zonfig and dependencies updated