If you discover a security vulnerability in Dexfile, we strongly encourage you to report it privately and responsibly.
- Do not create public GitHub issues or discussions for security vulnerabilities.
- Instead, please email the maintainers at: security@dexnore.dev (or the address listed in the repository's contacts if different).
In your report, please include:
- A clear and detailed description of the vulnerability
- Steps to reproduce the issue
- Any relevant logs, screenshots, or proof-of-concept code
- Your operating system and Dexfile/BuildKit version
We will acknowledge your report within 5 business days, and will work to investigate and resolve the issue as quickly as possible. You will be kept informed of our progress and will be credited for responsible disclosure, if desired.
We generally support the latest stable version of Dexfile and the latest release branch.
| Version | Supported |
|---|---|
| Latest | ✅ |
| Older | ❌ |
If you are using an unsupported version, please upgrade before reporting vulnerabilities.
When a security vulnerability is fixed, we will announce the patch in the release notes and, if appropriate, provide upgrade instructions.
- Vulnerabilities will be disclosed publicly after a fix is available and users have had a reasonable time to update.
- We are committed to transparent communication and responsible disclosure practices.
Thank you for helping keep Dexfile and its users secure!