We release patches for security vulnerabilities for the following versions:

| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| < 1.0 | ❌ |

If you discover a security vulnerability within this package, please send an email to [email protected]. All security vulnerabilities will be promptly addressed.
Please do not report security vulnerabilities through public GitHub issues.
- You submit your vulnerability report via email
- We will acknowledge receipt of your vulnerability report
- We will investigate and determine the potential impact
- We will develop and test a fix
- We will prepare a security advisory and release a patch
- The security advisory will be published after the patch is released
Please include the following in your report:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Suggested fix (if possible)
- Your contact information
We use the following tools for security analysis:
- PHPStan for static analysis
- Composer Security Checker for dependency vulnerabilities
- Regularly update dependencies to mitigate known vulnerabilities
- Use `composer outdated` to check for outdated packages
When using this library, consider the following security best practices:
- Always validate and sanitize JSON input before processing
- Use appropriate depth and length limits when parsing JSON
- Implement proper error handling
- Keep the library updated to the latest version
- Follow secure coding practices in your implementation
Security updates will be released as soon as possible after a vulnerability is discovered and verified. Updates will be published through:
- GitHub Security Advisories
- Release Notes
- Security Notifications to registered users
We would like to thank the following individuals and organizations who have helped improve the security of this library:
- List will be updated as contributors help identify and fix security issues