Skip to content

Security: liblaf/api

.github/SECURITY.md

Security Policy

Reporting a Vulnerability

We take the security of our project seriously and appreciate your efforts to responsibly disclose any vulnerabilities you find. To report a security issue, please follow these steps:

1. Do Not Open a Public Issue

  • Please do not disclose the vulnerability publicly until we have had a chance to address it.

2. Submit a Report

  • Send an email to our security team at [email protected].
  • Include details of the vulnerability, including:
    • A description of the vulnerability.
    • Steps to reproduce the issue.
    • Information about the affected versions of the project.
    • Any potential impact of the vulnerability.

3. Response Time

  • We will acknowledge your email within 48 hours and provide an estimated timeline for when you can expect a more detailed response.

4. Disclosure Policy

  • Once the vulnerability is resolved, we will work with you to determine the best time to disclose the issue publicly. We are committed to transparency and will credit you for your discovery, unless you prefer to remain anonymous.

Supported Versions

The following versions of our project are currently being supported with security updates:

Version Supported
2.x.x
1.x.x
< 1.0

Security Best Practices

To help ensure the security of our project, we recommend the following best practices:

  • Regular Updates: Keep your dependencies and the project itself up to date with the latest versions.
  • Code Reviews: Encourage peer reviews of pull requests to catch potential security issues early.
  • Static Analysis: Use static analysis tools to identify potential vulnerabilities in the codebase.
  • Testing: Implement comprehensive unit and integration tests to validate the security of the application.

Acknowledgments

We would like to thank the following individuals and organizations for responsibly disclosing vulnerabilities and helping us improve the security of our project:

Additional Resources

For more information on security best practices, you can refer to the following resources:


Thank you for helping us keep our project secure!

There aren’t any published security advisories