Hey there! Thanks so much for checking out our security policy. It means a lot that you're taking the time to understand how we keep Squishy safe. We truly believe that a secure project is a community effort, and your help is a huge part of that.
We know it's important for you to feel confident that the version of Squishy you're using is protected. To keep things simple and efficient, we focus all our energy on making sure our very latest version is as secure as possible.
Since we're a new project and still growing fast, we aren't able to maintain older versions. That means, to get the latest security updates, you should always be on the most recent release.
Right now, we are only providing security updates for version 0.0.1.
If you think you've found a security flaw, please know that we are incredibly grateful for your help! Finding and responsibly reporting these issues is the best way to keep our community safe.
Please, please, please do not create a public issue on GitHub. Sharing a vulnerability publicly could put everyone at risk, and we want to prevent that at all costs.
You can send an email directly to our dedicated security inbox. It's the most secure way to reach us.
vulnerability-Squishy@mtctx.dev
We promise to get back to you within 48 hours to confirm we've received your report.
To help us understand and fix the issue as quickly as possible, please include as many details as you can. A good report answers these questions:
- What's the problem? Give us a clear and simple description of the vulnerability.
- How can we see it happen? List the steps we need to take to reproduce it.
- What's the potential impact? What could happen if this isn't fixed?
- Which version of Squishy and which module are affected?
- Do you have any suggestions for a fix? (This is totally optional, but we'd love to hear your ideas!)
Once you report a vulnerability, here's what we'll do:
- Acknowledge: We'll email you back to confirm we got your report.
- Investigate: We'll dive in to understand the issue and start working on a solution. We'll keep you in the loop on our progress.
- Disclose: Once we've released a fix, we'll publish a public security advisory so the community knows what happened and how to stay safe. We'll also give you a big thank you for your help, unless you'd rather remain anonymous.
Thank you again for being a vital part of our community and helping us build a more secure Squishy for everyone. We couldn't do it without you. ❤️