THE FOLLOWING TABLE LISTS THE VERSIONS OF THIS PROJECT THAT ARE CURRENTLY SUPPORTED WITH SECURITY UPDATES:
| VERSION | SUPPORTED |
|---|---|
| 1.X.X | ✅ SUPPORTED |
| < 1.0 | ❌ NOT SUPPORTED |
IF YOU DISCOVER A SECURITY VULNERABILITY, DO NOT OPEN A PUBLIC ISSUE OR PULL REQUEST.
INSTEAD, PLEASE REPORT IT RESPONSIBLY THROUGH THE FOLLOWING CHANNEL:
- EMAIL: XIAO
- (OPTIONAL) ENCRYPTED REPORTS CAN BE SENT USING OUR PGP KEY:
0XYOURKEYHERE
WHEN REPORTING A VULNERABILITY, PLEASE INCLUDE THE FOLLOWING DETAILS:
- AFFECTED VERSION AND COMPONENT
- DESCRIPTION OF THE VULNERABILITY
- STEPS TO REPRODUCE (MINIMAL REPRODUCIBLE EXAMPLE IF POSSIBLE)
- POTENTIAL IMPACT OR SEVERITY
- PROOF-OF-CONCEPT CODE, LOGS, OR SCREENSHOTS (IF AVAILABLE)
- ACKNOWLEDGEMENT OF YOUR REPORT WITHIN 72 HOURS
- INITIAL ASSESSMENT AND TRIAGE WITHIN 7 DAYS
- DEVELOPMENT AND VALIDATION OF A FIX
- COORDINATION OF RESPONSIBLE DISCLOSURE
- PUBLIC SECURITY ADVISORY RELEASED AFTER FIX IS AVAILABLE
WE STRONGLY ENCOURAGE RESPONSIBLE DISCLOSURE.
WE REQUEST THAT YOU DO NOT PUBLICLY DISCLOSE THE VULNERABILITY UNTIL A FIX HAS BEEN DEVELOPED AND DEPLOYED.
CREDIT WILL BE GIVEN TO REPORTERS WHO FOLLOW THIS POLICY AND WISH TO BE ACKNOWLEDGED.
FOR ALL SECURITY-RELATED MATTERS, PLEASE CONTACT:
SECURITY TEAM
EMAIL: NUSAETIKA
PGP KEY: 0XYOURKEYHERE (OPTIONAL)
THANK YOU FOR HELPING US KEEP THIS PROJECT SAFE AND SECURE.