I take the security of my projects seriously. If you discover a security vulnerability, I appreciate your help in disclosing it responsibly.
Please do NOT report security vulnerabilities through public GitHub issues.
Instead, please report them via one of the following methods:
-
GitHub Security Advisories (Preferred)
- Navigate to the repository's "Security" tab
- Click "Report a vulnerability"
- Provide detailed information about the vulnerability
-
Direct Contact
- For sensitive security issues, please reach out directly through GitHub
- Include "SECURITY" in the subject line
- Provide as much information as possible
When reporting a vulnerability, please include:
- Description: Clear description of the vulnerability
- Impact: Potential impact and attack scenarios
- Reproduction: Step-by-step instructions to reproduce the issue
- Environment: Affected versions, operating systems, or configurations
- Suggestions: Any ideas for fixes or mitigations (optional)
- Initial Response: Within 48 hours of report submission
- Status Updates: Regular updates on investigation progress
- Resolution: Coordinated disclosure timeline once fixed
As a developer with 30 years of experience, I follow these security principles:
- π Secure by Design: Security considerations from the start
- π Regular Reviews: Periodic security assessments
- π¦ Dependency Management: Keeping dependencies up-to-date
- π‘οΈ Defense in Depth: Multiple layers of security controls
- π Documentation: Clear security guidelines and practices
Security updates are provided for:
- β Latest release
- β Main/master branch
I appreciate the security research community's efforts in making the software ecosystem safer. Responsible disclosures are always acknowledged (with permission) in release notes.
Thank you for helping keep my projects secure!