The only completely secure system is the one that doesn't exist in the first place. Having said that, I take the security of this project very seriously.
Therefore, please disclose potential security issues (including steps to recreate the issue) by email to zwatkins.it@gmail.com. I strive (not guarantee) to provide an initial assessment of security reports within 48 hours and if warranted will begin work on a patch within 2 weeks (also, feel free to contribute a fix for the issue).
Even though I give no warranties or guarantees to the security of this repository (see LICENSE), I will do my best to respond to security issues as quickly as possible.
The latest minor and major versions are supported with security updates.
| Version | Supported |
|---|---|
| 1.0.x | yes |
| 1.1.x | yes |
| 1.2.x | yes |
To report a vulnerability with the project please send an email to zwatkins.it@gmail.com with [SECURITY] at the beginning of the subject line.
When a vulnerability is found, I will notify users in Discussions.
I welcome pull requests to improve security as long as your pull request description does not include steps to recreate the security exploit. Please read the contribution guidelines before writing your code for a pull request.