Skip to content

Security: jsonrainbow/docs

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

The JSON Rainbow team takes security vulnerabilities seriously. We appreciate your efforts to responsibly disclose your findings.

How to Report

If you discover a security vulnerability, please report it by:

  1. Do NOT open a public issue
  2. Send details to the repository maintainers through GitHub's private vulnerability reporting feature
  3. Include as much information as possible:
    • Type of vulnerability
    • Steps to reproduce
    • Potential impact
    • Suggested fix (if any)

What to Expect

  • We will acknowledge receipt of your report within 48 hours
  • We will provide an initial assessment within 7 days
  • We will work with you to understand and resolve the issue
  • We will keep you informed about our progress
  • Once the vulnerability is fixed, we will publicly acknowledge your contribution (unless you prefer to remain anonymous)

Scope

This security policy applies to all repositories under the JSON Rainbow organization.

Supported Versions

Please refer to each individual repository for information about which versions are currently being supported with security updates.

Security Best Practices

When using our libraries:

  • Always use the latest stable version
  • Keep your dependencies up to date
  • Review our changelogs for security-related updates

Thank you for helping keep JSON Rainbow and our users safe!

There aren’t any published security advisories