Version | Supported |
---|---|
3.x.x | ✅ |
< 2.1 | ❌ |
< 2.x | ❌ |
We take security issues very seriously and appreciate the efforts of security researchers and users in reporting vulnerabilities responsibly. If you believe you have discovered a security vulnerability in our software, please follow the guidelines below to report it:
-
Reporting Process: To report a vulnerability, please send an email to [email protected]. Do not disclose the issue publicly before it has been addressed by our team.
-
Provide Details: In your report, include a detailed description of the vulnerability, including steps to reproduce it and any potential impact it might have.
-
Scope: Please ensure that you only report security vulnerabilities related to the software versions listed as "Supported" in the table above. Issues in unsupported versions will not be eligible for consideration.
-
Response Time: We will make every effort to acknowledge your report within 48 hours of receipt. Our team will then work diligently to verify and validate the reported vulnerability.
-
Resolution Time: The time taken to resolve a vulnerability depends on its complexity and severity. We are committed to providing regular updates on the progress and expected resolution timeline.
-
Public Disclosure: We request that you do not publicly disclose the vulnerability until our team has had a reasonable opportunity to address it. After the issue is resolved, we encourage responsible disclosure to allow users to update their systems.
-
Recognition: We acknowledge the efforts of security researchers and users who responsibly report valid security issues. If you wish to be publicly recognized for your contribution, please let us know in your report. However, we will respect your decision if you prefer to remain anonymous.
-
Vulnerability Acceptance/Decline: Our security team will assess the reported vulnerability and notify you of their findings. If the vulnerability is accepted, we will work on a fix and include it in the next appropriate software update. If the vulnerability is declined, we will provide reasons for our decision and offer the opportunity for further discussion.
Thank you for helping us keep our software secure and making it safer for all users. Your cooperation and responsible disclosure are greatly appreciated.
Please note that this security policy is subject to change without notice, so we encourage you to review it periodically.