Security issues happen as part of the normal lifecycle of software development.
Only latest major version is supported, including last 5 minor versions.
If you discover a security issue, please follow these steps to report it:
-
Publicly Disclosed Issues:
- If the issue is already publicly disclosed (e.g., a CVE in one of the project's dependencies), feel free to create a GitHub issue to discuss it openly.
-
Privately Discovered Issues:
- For vulnerabilities that have not been publicly disclosed, we encourage you to use GitHub Security Advisories to report the issue privately and securely. This ensures the vulnerability is addressed before public disclosure.
- Navigate to the repository's Security tab and click on Report a Vulnerability to create a private advisory.
-
Include Relevant Details:
- Provide as much information as possible, including steps to reproduce the issue, affected versions, and any potential impact.
We highly value your contributions and will acknowledge your efforts in helping us maintain a secure project.
Our repositories are scanned by more security tools frequently and also during push or pull requests. On the second hand, it's still possible you could find any security issue.