We currently support the following versions with security updates:

| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| < 1.0 | ❌ |

We take the security of Sparrow Bot seriously. If you believe you've found a security vulnerability, please follow these steps:
- Do not disclose the vulnerability publicly
- Email us at [email protected] with details about the vulnerability
- Include the following information:
  - Type of vulnerability
  - Full path to the vulnerable file
  - Steps to reproduce
  - Potential impact
- We will acknowledge receipt of your report within 48 hours
- We will provide an initial assessment of the report within 7 days
- We will work with you to understand and validate the issue
- We will release a fix as soon as possible, depending on the complexity of the issue
When using Sparrow Bot, please follow these security best practices:
- Keep your GitHub tokens secure and never commit them to your repository
- Use the principle of least privilege when creating tokens for the bot
- Regularly review the permissions granted to the bot
- Monitor the bot's activity in your repositories
- Keep the bot updated to the latest version
We follow the practice of responsible disclosure. After a fix has been released, we encourage you to submit a detailed report about the vulnerability. This helps the community learn from the issue and improve security practices.
Thank you for helping keep Sparrow Bot and its users safe!