We currently support the latest version of the project. Please make sure you're using the most recent release before reporting a vulnerability.
| Version | Supported |
|---|---|
| Latest (main) | ✅ |
| Older versions | ❌ |
If you discover a security vulnerability in this project, please do not open a public issue.
Instead, report it privately by contacting us via email:
Please include the following details in your report:
- A detailed description of the vulnerability
- Steps to reproduce it, if applicable
- Potential impact or severity
- Suggested remediation or fix (if any)
We will respond as quickly as possible (usually within 72 hours), and work with you to validate and address the issue.
We ask that you:
- Do not publicly disclose the issue until we’ve had a reasonable time to investigate and respond.
- Act in good faith and avoid exploiting the issue (e.g. by accessing unauthorized data).
- Respect users' privacy and data at all times.
This project uses automated tools to detect security issues, including:
- GitHub Dependabot alerts
- npm audit
- Docker image scanning (via CI/CD)
Thank you for helping us keep this project secure! 🛡️