The following table shows which versions currently receive security patches.
| Version | Supported |
|---|---|
| 1.x | Yes |
| < 1.0 | No |
If you discover a security vulnerability in this project, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
Instead, please send an email to matteo.morando98@gmail.com with:
- A description of the vulnerability
- Steps to reproduce it
- The potential impact
- Any suggested fix (if available)
- Acknowledgement: within 48 hours
- Initial assessment: within 1 week
- Fix and disclosure: as soon as a patch is ready, typically within 30 days
We follow a coordinated disclosure process. We ask that you:
- Allow us reasonable time to investigate and address the issue before public disclosure
- Avoid exploiting the vulnerability beyond what is necessary to demonstrate it
- Do not access or modify other users' data
We are committed to working with security researchers and will credit reporters in the release notes (unless anonymity is preferred).