We take security vulnerabilities seriously. Thank you for improving the security of our project.
The following versions of this project are currently supported with security updates:
| Version | Supported |
|---|---|
| 5.x.x | ✅ |
| 4.x.x | ✅ |
| < 4.0.0 | ❌ |
Please DO NOT open a public issue for security-related vulnerabilities.
If you discover a security vulnerability, please report it privately via GitHub's Private vulnerability reporting feature. You can do this by navigating to the Security tab of this repository, selecting Advisories, and clicking the Report a vulnerability button.
To help us resolve the issue efficiently, please include the following details in your report:
- Type of vulnerability (e.g., XSS, SSRF, Prototype Pollution)
- Affected component or file name
- Steps to reproduce (including proof of concept / PoC code if available)
- Potential impact of the vulnerability

Once we receive your report, you can expect the following process:
- Acknowledgment: We will acknowledge receipt of your report within 48 to 72 hours.
- Investigation: We will verify the vulnerability and evaluate its severity.
- Fix & Release: We will work on a fix in a private fork and release a patched version as soon as possible.
- Advisory: A GitHub Security Advisory will be published if necessary, giving you full credit for the discovery (unless you prefer to remain anonymous).
Please adhere to Coordinated Vulnerability Disclosure (CVD) and do not disclose the vulnerability publicly until a patch has been released.