| Version | Supported |
|---|---|
| 0.1.x | ✅ |
If you discover a security vulnerability in Ycode, please report it responsibly.
Do not open a public issue. Instead, email us at:
Please include:
- A description of the vulnerability
- Steps to reproduce the issue
- The potential impact
- Any suggested fixes (if applicable)
- Acknowledgement: Within 48 hours of your report
- Initial assessment: Within 5 business days
- Resolution: Depends on severity, but we aim to patch critical issues within 14 days
We follow coordinated disclosure. We ask that you:
- Allow us reasonable time to investigate and fix the issue before public disclosure
- Avoid exploiting the vulnerability beyond what is necessary to demonstrate it
- Do not access or modify other users' data
We will credit reporters in the release notes (unless you prefer to remain anonymous).
This policy applies to the Ycode application code in this repository. For issues related to third-party services (Supabase, Vercel), please report to those providers directly.