We support the latest stable release of this project. Older versions may not receive security updates unless explicitly stated.
If you discover a security vulnerability in this project, please report it privately.
To report a vulnerability:
- Email: sergey.golovin@protonmail.com
- Please do not open public GitHub issues or pull requests describing the vulnerability.
- Include as much relevant information as possible:
  - Affected version(s)
  - Steps to reproduce
  - Potential impact
  - Any known mitigations or workarounds
We aim to respond within 5 business days. Once the issue is confirmed, we will coordinate on a fix and disclosure timeline.
This project follows modern Rust security best practices and is proactively monitored:
- 📦 Dependency Updates: We use Dependabot to automatically track and apply upstream security fixes in dependencies.
- 📊 Security Health: We use OpenSSF Scorecard to evaluate and improve the overall security posture of this repository.
- 🧼 Safe Rust: We minimize or avoid use of `unsafe` code. Where it exists, it is carefully reviewed and documented.
- ✅ All pull requests undergo automated checks, including static analysis and test validation.
We support and encourage responsible disclosure. Please give us time to investigate and patch the issue before any public disclosure.
Thank you for helping us make this project safer for everyone!