Currently, we are providing security updates only for the following versions:

| Version | Supported |
|---|---|
| 1.x | ✅ |
| < 1.0 | ❌ |

We take security very seriously. If you have discovered a security vulnerability in our project, please follow the guidelines below for reporting it to us.
- Use Private Vulnerability Reporting: We allow users to privately report potential security vulnerabilities. Please use this feature for initial reporting. Do not open a public issue.
- Initial Contact: If you cannot use the private vulnerability reporting feature for some reason, email the security team directly at [email protected].
- Information Gathering: When reporting, include as much information as possible. Ideally, use the following format:
  - Brief description of the issue
  - Affected components (API, frontend, etc.)
  - Steps to reproduce
    - Step one
    - Step two ...
  - Supporting material (logs, screenshots)
- Expect a Reply: You will receive an acknowledgment from the security team within 48 hours of reporting, followed by a more detailed response outlining the next steps.
- After the initial report, the security team will keep you informed of the progress being made towards a fix.
- The security team will publicly disclose the issue once it has been resolved, crediting you for the discovery, unless you wish to remain anonymous.

We use GitHub's CodeQL scanning to identify vulnerabilities automatically. However, this doesn't replace the value of human ethical hacking efforts. We appreciate your responsible disclosure.