We actively maintain and patch the following versions of this project. Please ensure you are using one of these supported versions before reporting security issues.
| Version | Supported |
|---|---|
| >= 0.18.0 | ✅ |
| <= 0.17.0 | ❌ |
If you discover a security vulnerability, please follow these steps:
-
Do not disclose publicly.
To protect users, please avoid discussing the vulnerability in public forums, issues, or pull requests. -
Report privately.
Email to [email protected] with the following information:- A clear description of the vulnerability.
- Steps to reproduce the issue (if applicable).
- Any potential impact you foresee.
- Any patches or workarounds you've already implemented (if applicable).
-
Confirmation.
We will confirm the report a.s.a.p by assessing the risk degree of the vulnerability and add it as an internal issue. We will email you about this process and let you know when the issue has been addressed and in which release. -
Resolution.
Once the vulnerability is resolved, we will issue an advisory and release a patch if required. We will credit the reporter unless anonymity is requested.
While using this project, we recommend:
- Keeping the project up-to-date (which in turn will keep dependencies up-to-date). If you install from source, don't forget to reinstall the project after a pull.
- Reviewing our documentation for secure configuration tips.
- Reporting issues responsibly.
We thank you for helping us keep this project safe for the community!