We take the security of our software seriously. If you believe you have found a security vulnerability, please report it to us as soon as possible so we can investigate and address it responsibly.
We provide security updates for the following versions:

| Version | Supported |
|---|---|
| 5.1.x | ✅ |
| 5.0.x | ❌ |
| 4.0.x | ✅ |
| < 4.0 | ❌ |

Only the versions marked as supported will receive security fixes.
Please report security vulnerabilities by emailing:
[SECURITY_CONTACT_EMAIL]
Include as much detail as possible, such as:
- A description of the issue
- Steps to reproduce the vulnerability
- Any affected versions
- Proof-of-concept code, screenshots, or logs if available
- The potential impact of the issue
We ask that you do not publicly disclose the vulnerability until we have had a reasonable opportunity to investigate and respond.
After receiving a report, we will:
- Acknowledge receipt within [X business days]
- Review and validate the issue
- Provide a status update within [Y business days]
- Fix confirmed vulnerabilities in a future release or issue a mitigation if needed
If the report is accepted, we will work to remediate it as quickly as reasonably possible based on severity and impact.
If the report is declined, we will explain why, when appropriate.
We appreciate responsible disclosure practices and ask that reporters:
- Avoid accessing, modifying, or deleting data that does not belong to them
- Avoid disruptive testing against production systems
- Avoid public disclosure until a fix is available or we have agreed on a disclosure timeline
This policy applies to security issues in the main project codebase and officially supported releases.
Issues in unsupported versions may be reviewed on a best-effort basis, but security fixes are not guaranteed.
With your permission, we may acknowledge security researchers who responsibly report valid issues.
Thank you for helping keep this project secure.