If you discover a security vulnerability in ZenStory, please report it responsibly by emailing hello@zenstory.ai.
Do not file a public GitHub issue for security-related bugs.
Please include the following in your report:
- A description of the vulnerability and its potential impact
- Steps to reproduce the issue
- Any relevant logs, screenshots, or proof-of-concept code
- Your suggested fix (if you have one)
We provide security updates for the following versions:
| Version | Supported |
|---|---|
| latest | Yes |
| older | No |
- Acknowledgment: We aim to acknowledge reports within 48 hours.
- Initial Assessment: We will triage and confirm the vulnerability within 5 business days.
- Resolution: We will work on a fix and coordinate disclosure with the reporter. Critical vulnerabilities will be prioritized.
- Disclosure: We prefer coordinated disclosure. Please allow us reasonable time to address the issue before publishing details publicly.
This policy covers the ZenStory application (frontend and backend) hosted in this repository. Vulnerabilities in third-party dependencies should be reported to their respective maintainers.
Thank you for helping keep ZenStory and our users safe.