Security: Laserwolve/laserwolve

SECURITY.md

Security Policy

Supported Versions

We take security seriously and are committed to ensuring the safety of our projects and users. This section outlines which versions of our projects are currently receiving security updates.

Version Supported
Latest
< Latest

We generally support the latest version of each project. For specific version support information, please check the individual project repositories.

Reporting a Vulnerability

We appreciate your efforts to responsibly disclose security vulnerabilities. If you discover a security vulnerability, please follow these guidelines:

How to Report

DO NOT create a public GitHub issue for security vulnerabilities.

Instead, please report security vulnerabilities through one of these methods:

  1. GitHub Security Advisories (Preferred)

    • Go to the repository's "Security" tab
    • Click "Report a vulnerability"
    • Fill out the private vulnerability report

  2. Email

    • Send details to the project maintainers
    • Include "SECURITY" in the subject line
    • Encrypt sensitive information if possible

What to Include

When reporting a vulnerability, please provide:

  • Description: Clear description of the vulnerability
  • Impact: Potential impact and severity assessment
  • Reproduction Steps: Detailed steps to reproduce the issue
  • Proof of Concept: Code or screenshots demonstrating the vulnerability
  • Suggested Fix: Any suggestions for fixing the issue (if you have them)
  • Environment Details: Relevant system/environment information

Response Timeline

We are committed to responding to security reports promptly:

  • Initial Response: Within 48 hours of receiving the report
  • Status Update: Weekly updates until the issue is resolved
  • Resolution: We aim to resolve critical vulnerabilities within 30 days

Our Process

  1. Acknowledgment: We confirm receipt of your vulnerability report
  2. Investigation: Our team investigates and validates the reported issue
  3. Development: We develop and test a fix for the vulnerability
  4. Disclosure: We coordinate disclosure timing with the reporter
  5. Release: We release the security fix and publish advisories
  6. Recognition: We acknowledge the reporter (unless they prefer to remain anonymous)

Security Best Practices

For Contributors

  • Keep dependencies up to date
  • Follow secure coding practices
  • Use static analysis tools when available
  • Review code for security implications
  • Test for common vulnerabilities (injection, XSS, etc.)

For Users

  • Always use the latest version of our projects
  • Keep your development environment secure
  • Report suspicious behavior or potential vulnerabilities
  • Follow the security guidelines in project documentation

Scope

This security policy applies to:

  • All repositories under the Laserwolve organization
  • Official releases and distributions
  • Security-relevant documentation and guides

This policy does not cover:

  • Third-party integrations or dependencies (unless we have modified them)
  • Issues in user-generated content or configurations
  • Social engineering attacks

Security Advisories

We publish security advisories for:

  • High and critical severity vulnerabilities
  • Issues that affect multiple projects
  • Vulnerabilities with broad impact

Security advisories are published in:

  • GitHub Security Advisories for each affected repository
  • Project release notes and changelogs
  • Community announcements when appropriate

Contact Information

For security-related questions or concerns:

  • Use GitHub Security Advisories (preferred)
  • Create a regular issue for general security questions (not vulnerabilities)
  • Check our Support documentation for other contact methods

Recognition

We believe in recognizing security researchers who help improve our projects:

  • We maintain a Hall of Fame for security researchers (with their permission)
  • We provide public acknowledgment in security advisories
  • We offer swag or other tokens of appreciation when possible

Legal

  • We will not pursue legal action against security researchers who follow this policy
  • We encourage coordinated disclosure and will work with researchers on timing
  • Please respect user privacy and data protection laws when testing

Thank you for helping us keep Laserwolve projects secure!

There aren’t any published security advisories