We release security updates for the following versions. Please ensure you are using a supported version to receive important updates.
| Version | Supported |
|---|---|
| 1.x | ✅ |
| < 1.x | ❌ |
We are committed to maintaining the security of our software. If you discover a security vulnerability, please help us responsibly disclose it by following these guidelines:
- Do not publicly disclose the issue until we have had a reasonable opportunity to address it.
- Provide detailed information to help us reproduce the issue. Include:
- A detailed description of the vulnerability
- Steps to reproduce the issue
- The impact of the vulnerability
- Potential attack scenarios
- Submit vulnerabilities via email to hr2axleshift@gmail.com. We encourage you to use encryption for sensitive information. Please request our public PGP key if needed.
We will work with you to assess and address the issue in a timely manner. Upon verification, we will:
- Acknowledge receipt of the report within 48 hours.
- Work with you on a fix, and keep you updated on the progress.
- Credit you in the release notes if the vulnerability is disclosed.
To ensure the security of your installation, please follow these recommendations:
- Use only supported versions of this software.
- Apply security updates as soon as they are available.
- Review dependencies regularly for known vulnerabilities.
- Report any suspected vulnerabilities in third-party dependencies used by the project.
Please note that any attempts to exploit vulnerabilities outside of our responsible disclosure process may be considered illegal and subject to legal consequences.
Thank you for helping us make this project secure for everyone.