| Version | Supported |
|---|---|
| Latest | Yes |
If you discover a security vulnerability in this project, please report it responsibly.
Please do NOT open a public GitHub issue for security vulnerabilities.
Instead, please send an email to the project maintainers at security@zircote.com with:
- A description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Any suggested fixes (if applicable)
- Acknowledgment: Within 48 hours of receipt
- Initial assessment: Within 5 business days
- Resolution target: Within 30 days for confirmed vulnerabilities
We follow coordinated disclosure. We ask that you:
- Allow us reasonable time to address the issue before public disclosure
- Make a good-faith effort to avoid privacy violations, data loss, and service disruption
- Do not exploit the vulnerability beyond what is necessary to demonstrate it
We appreciate the efforts of security researchers. Contributors who report valid vulnerabilities will be acknowledged (with permission) in our release notes.