We are committed to providing security patches for the latest major version of Rawi. While we recommend always using the most recent release for the best security and features, you can generally expect security updates for the currently active major release series.
For example, if the current major version is v1.x.x, security patches will be applied to this series. Older major versions are not actively supported for security updates.
We take security seriously and appreciate your efforts to responsibly disclose vulnerabilities.
If you discover a security vulnerability within Rawi, please do not open a public issue. Instead, please contact us immediately and privately via our security contact form.
All security vulnerability reports will be promptly acknowledged, reviewed, and addressed. We kindly request that you give us a reasonable amount of time to investigate and fix the issue before public disclosure.
Upon receiving a security vulnerability report, we will:
- Acknowledge Receipt: We will send an initial response acknowledging your report within 2-3 business days.
- Investigation and Remediation: We will investigate the reported vulnerability and work on a fix.
- Public Disclosure: We aim to disclose the vulnerability publicly within 90 days from the date of the initial report, or sooner if a fix is released and widely available. We will notify the reporter prior to public disclosure.
We adhere to coordinated vulnerability disclosure best practices.
If you have suggestions on how this process could be improved for Rawi, please submit a pull request or open an issue on our GitHub repository.
We extend our sincere thanks to all security researchers and individuals who report vulnerabilities to us responsibly, helping to make Rawi more secure for everyone.
This project is licensed under the MIT License - see the LICENSE file for details.