We release patches for security vulnerabilities in the following versions:
| Version | Supported |
|---|---|
| 1.x | ✅ |
If you discover a security vulnerability within this library, please send an email to the maintainers. All security vulnerabilities will be promptly addressed.
Please do not report security vulnerabilities through public GitHub issues.
When reporting a vulnerability, please include:
- A description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Any potential solutions you've considered
After you report, you can expect the following:
- Initial Response: We aim to acknowledge receipt of your vulnerability report within 48 hours
- Status Updates: We will send you regular updates about our progress
- Disclosure: Once the vulnerability is fixed, we will work with you on responsible (coordinated) disclosure
A report is handled in the following steps:
- The security report is received and assigned to a primary handler
- The problem is confirmed and the list of affected versions is determined
- The surrounding code is audited for similar problems
- Fixes are prepared for all supported releases
- New versions are released and announced
When using this library, we recommend:
- Keep your dependencies up to date
- Use the latest stable version of PHP (8.4+)
- Follow the principle of least privilege
- Validate and sanitize all user input before it reaches the library
- Apply type coercion methods deliberately, and do not rely on PHP's implicit conversion of untrusted values
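As an added illustration of the last two points (example code added here; it is not part of Axiom Library or its API, and the helper names and sample inputs are constructed for this page), the following shows where PHP's implicit coercion of untrusted input goes wrong and how explicit validation, strict comparison and `strict_types` avoid it:

```php
<?php
declare(strict_types=1);

// Added example, not Axiom Library code: it shows why the two
// recommendations above matter in PHP. Function names and sample
// inputs are constructed for illustration.

/**
 * Demonstrates PHP's implicit coercion on strings that merely look numeric.
 * Two numeric strings are compared as numbers by ==, so "0e5" and "0e7"
 * are both 0.0 and compare equal, while === compares them byte for byte.
 * intval() keeps the leading digits of "42abc" and silently drops the rest.
 */
function implicitCoercionPitfalls(): array
{
    return [
        'loose_equal'  => ('0e5' == '0e7'),
        'strict_equal' => ('0e5' === '0e7'),
        'intval'       => intval('42abc'),
    ];
}

/**
 * Parse an untrusted value as a bounded integer. FILTER_VALIDATE_INT
 * rejects trailing garbage, exponent notation and out-of-range values,
 * so the caller gets null instead of a guessed number.
 */
function parseUntrustedInt(mixed $raw, int $min, int $max): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null;
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    return $value === false ? null : $value;
}

/** Compare secrets with a constant-time, strict byte comparison, never with ==. */
function tokenMatches(string $expected, string $provided): bool
{
    return hash_equals($expected, $provided);
}

/** With strict_types=1, a string argument is not coerced into an int parameter. */
function square(int $n): int
{
    return $n * $n;
}

// Constructed sample inputs, not real request data.
foreach (['42', '42abc', '1e3', '-5', '100000', 'abc'] as $sample) {
    $parsed = parseUntrustedInt($sample, 1, 1000);
    printf("%-10s -> %s\n", var_export($sample, true),
        $parsed === null ? 'rejected' : "accepted as int $parsed");
}

var_dump(implicitCoercionPitfalls());
var_dump(tokenMatches('0e5', '0e7'));

try {
    square('4');
} catch (TypeError $e) {
    echo 'strict_types rejected the call: ', $e->getMessage(), PHP_EOL;
}
```

Run it with `php example.php`. The point is that `==` and `intval()` make decisions for you on attacker-controlled strings, whereas `filter_var` with `FILTER_VALIDATE_INT`, `===`, `hash_equals()` and `declare(strict_types=1)` each force the caller to state exactly what shape of value is acceptable and fail closed otherwise.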
Thank you for helping keep Axiom Library and its users safe!