Security Policy

Supported Versions

The following table outlines the versions of our project that are currently receiving security updates. Please note that older versions may no longer receive updates, and we encourage users to upgrade to the latest supported versions.

Version Supported
5.1.x
5.0.x
4.0.x
< 4.0

Version Support Details

  • 5.1.x: The latest stable version, actively supported with security patches and critical bug fixes. Users on this version should regularly update to the latest patch releases.
  • 5.0.x: No longer supported. Users on this version are encouraged to upgrade to 5.1.x for the latest security enhancements.
  • 4.0.x: Supported with security updates, but no new features or enhancements will be added. Users are encouraged to upgrade to 5.1.x where possible.
  • < 4.0: End of life. No security updates or support will be provided. Users on these versions should upgrade immediately to the latest supported version to ensure security.

Reporting a Vulnerability

We take the security of our project seriously. If you discover a security vulnerability, we strongly encourage you to report it as soon as possible. We appreciate your efforts to responsibly disclose your findings and will make every effort to acknowledge your report promptly.

How to Report

  • Email: Please send an email to omkargupta702@gmail.com with details of the vulnerability. Use a clear and concise subject line (e.g., "Security Vulnerability in ProjectName v5.1.0").
  • GitHub Issues: Please do not report security vulnerabilities via GitHub issues. Instead, use the private reporting methods listed above.

Information to Include

When reporting a vulnerability, please include the following information to help us assess and resolve the issue promptly:

  • Affected versions of the software.
  • A detailed description of the vulnerability, including any proof-of-concept code, if available.
  • Steps to reproduce the vulnerability.
  • Potential impact of the vulnerability (e.g., remote code execution, data leak, etc.).
  • Your assessment of the severity level (low, medium, high, critical).

Response Process

  • Acknowledgment: You will receive an acknowledgment of your report within 48 hours, confirming receipt and an initial assessment.
  • Initial Triage: Our security team will conduct an initial triage of the reported vulnerability and may contact you for additional information if necessary.
  • Fixing the Issue: Once validated, we will work on fixing the vulnerability. Depending on the severity, this might be done in a private branch before the fix is released publicly.
  • Release of Fix: A security patch will be released for the affected versions. If the fix cannot be backported, we will notify affected users to upgrade to a newer, secure version.
  • Notification: After the vulnerability is fixed, we will notify the reporter and publicly disclose the vulnerability through a security advisory.

Disclosure Policy

  • We strive to disclose vulnerabilities in a responsible and coordinated manner. This typically involves providing a public advisory once the fix is available and giving users ample time to upgrade.
  • In some cases, we may delay public disclosure to allow users time to apply patches or mitigations.

Commitment to Security

We are committed to maintaining the security of our project and ensuring that our users are protected from vulnerabilities. We appreciate the efforts of the security community in identifying and reporting security issues, and we are committed to working with reporters to resolve these issues promptly.

Contact

For any questions about our security policy, or if you need further assistance, please contact us at omkargupta702@gmail.com.