| Version | Supported |
|---|---|
| 1.x | Yes |

Only the latest release on the 1.x line receives security fixes.

Do not open a public GitHub issue for security vulnerabilities.
Send a report to the security email address listed at the end of this policy.

Please include:

- A description of the vulnerability and its potential impact.
- Steps to reproduce or a minimal proof-of-concept.
- The version of pompelmi affected.
- Your suggested fix, if you have one.

We aim to acknowledge reports within 48 hours and provide a resolution or mitigation plan within 14 days for confirmed issues.

This policy covers the pompelmi package itself (the code in this repository). It does not cover ClamAV, the underlying antivirus engine. Vulnerabilities in ClamAV should be reported directly to the ClamAV security team.

We follow a coordinated disclosure model. We ask that you give us a reasonable amount of time to address the issue before any public disclosure.

- Security email: pompelmideveloper@yahoo.com
- Repository: https://github.com/pompelmi/pompelmi