Security: LeoriumDev/serdec

SECURITY.md

Security Policy

Introduction

Thank you for your interest in improving the security of Serdec!

We are committed to protecting users of Serdec and appreciate responsible disclosure of security vulnerabilities. This document outlines how to report vulnerabilities and our process for handling them.

Reporting a Vulnerability

If you discover a security vulnerability in Serdec, please report it privately by following these steps:

  • Contact us at contact@leorium.com.
  • Provide as much information as possible to help us understand and reproduce the issue, including:
    • A clear description of the vulnerability.
    • Steps to reproduce the issue (proof of concept is very helpful).
    • The potential impact and any suggested mitigation strategies.
    • Your contact information (optional if you wish to stay anonymous).

Please do not create a public GitHub issue or discuss the vulnerability publicly until we have had a chance to investigate and address it.

We take security reports seriously and aim to respond to all reports within 72 hours.

What to Expect

Upon receiving a security report:

  1. Acknowledgment: We will acknowledge your report as soon as possible (typically within 72 hours).
  2. Investigation: We will investigate the reported vulnerability and determine its impact and severity.
  3. Resolution: If confirmed, we will develop a fix, prioritize it based on severity, and prepare a release if necessary.
  4. Disclosure: Once the fix is released, we will credit the reporter (if desired) and disclose the vulnerability details responsibly.

We may coordinate a public disclosure timeline with you once a patch is available.

Supported Versions

We generally provide security updates for the latest stable release of Serdec.
Older versions may not receive backported fixes unless explicitly stated.

Version   Supported
1.x       ✅ Yes
0.x       ❌ No

Scope

This security policy applies to:

  • Source code in the Serdec repository.
  • Official releases published by the maintainers.
  • Documentation where relevant to security issues.

Issues outside the scope include:

  • Third-party dependencies (unless integrated into Serdec directly).
  • User configuration errors unrelated to Serdec bugs.

Responsible Disclosure Guidelines

We ask that all reporters follow these guidelines for responsible disclosure:

  • Do not publicly disclose the vulnerability until a fix has been made available or coordinated with the maintainers.
  • Avoid exploiting the vulnerability or accessing user data beyond what is necessary to demonstrate the issue.
  • Act in good faith to avoid privacy violations, destruction of data, or interruption of service.
  • Give us a reasonable amount of time to address the issue before disclosure.

Following responsible disclosure allows us to protect Serdec users more effectively.

Contact

Please direct all security communications to:

📧 Email: contact@leorium.com

For non-security issues, please use GitHub Issues or Discussions.

Thank You

We sincerely thank security researchers and users who help protect Serdec and its community!
Your efforts are vital to maintaining a secure and trustworthy project.
This security policy is based on best practices from the open-source community and may evolve over time.