As an open source product, we will only provide security patches for the latest major version. Older versions will not receive retroactive security patches.
We release patches for security vulnerabilities in the following versions:
Version | Supported |
---|---|
5.1.x | ✅ |
5.0.x | ❌ |
4.0.x | ✅ |
< 4.0 | ❌ |
If you discover a security vulnerability, please report it to us in the following manner:
- Email us at [INSERT CONTACT EMAIL]. Please do not create a public GitHub issue.
- Include as much detail as possible, including steps to reproduce the vulnerability, potential impact, and any other relevant information.
- We will acknowledge your email within [X] business days and work with you to understand the issue and address it promptly.
Out team and community take security bugs in seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
To report a security issue, please use the GitHub Security Advisory ["Report a Vulnerability"](https://github.com/route06inc/[REPO NAME]/security/advisories/new) tab. Do not open up a GitHub issue.
Our team will send a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.
Report security bugs in third-party modules to the person or team maintaining the module.
We follow a responsible disclosure process:
- We will investigate the reported vulnerability and work on a fix.
- A fix will be developed, tested, and incorporated into the project.
- Once the fix is ready, we will release a new version of the project with a detailed release note.
- We will notify the reporter about the fix and acknowledge their contribution in the release notes, if they wish to be credited.
To ensure the security of our project, we are committed the following best practices:
- Keep dependencies up to date: Regularly update dependencies to incorporate security fixes.
- Review and audit code: Periodically review and audit the codebase for potential security issues.
- Use secure coding practices: Follow best practices for secure coding to minimize vulnerabilities.
- Stay informed: Keep up to date with the latest security news and advisories related to the technologies used in this project.
For any other security-related inquiries, please contact us at [INSERT CONTACT EMAIL].
Thank you for helping us keep our project secure!