Skip to content

Security: lastsunday/job-hunting

.github/SECURITY.md

Security Policy

Supported Versions

Only the latest release of each component (server, extension) is supported with security updates.

Reporting a Vulnerability

Please report security vulnerabilities via GitHub Security Advisory ("Security" tab → "Report a vulnerability") or by contacting the repository maintainer directly.

Do not file public issues for security vulnerabilities.

What to include

  • A clear description of the vulnerability
  • Steps to reproduce (if possible, a minimal PoC)
  • Affected component and version
  • Any potential impact or exploit scenario

Response timeline

Phase Expected time
Acknowledgment Within 48 hours
Triage & severity assessment Within 5 business days
Fix timeline communicated After triage

Disclosure policy

We follow a coordinated disclosure process:

  1. A fix is prepared in a private fork
  2. A security advisory is published on GitHub
  3. A patched release is published
  4. The vulnerability is publicly disclosed (if appropriate)

We do not currently operate a bug bounty program.

There aren't any published security advisories