Security: longsizhuo/forum

SECURITY.md

Security Policy

Supported Versions

Reporting a Vulnerability

If you discover a security vulnerability in our project, we would like to know about it as soon as possible so we can take immediate action to address it. Please do the following:

  1. Email the Maintainers: Send an email to [email protected] with details of the vulnerability. Include any relevant information that would help us reproduce the issue, such as:
     • Steps to reproduce the vulnerability
     • The potential impact of the vulnerability
     • Any proposed solutions or workarounds

  2. Do Not Disclose Publicly: Please refrain from disclosing the vulnerability publicly until we have had an opportunity to address it.

  3. Acknowledgment: You will receive an acknowledgment within 48 hours of your email, and we will work with you to understand and address the issue quickly.

  4. Patch and Release: Once the vulnerability is confirmed, we will develop a fix and apply it to the relevant versions of the project. We will also coordinate with you on the timing of the public disclosure to ensure users have time to apply the patch.

  5. Public Disclosure: After a fix has been implemented and tested, we will publicly announce the vulnerability and the steps taken to address it. Your contributions will be acknowledged unless you wish to remain anonymous.

Security Update Policy

Security patches are prioritized and will be released as soon as they are ready. All relevant versions under support will receive security patches in a timely manner. Users are encouraged to update their installations promptly after a security update is released.

We recommend that all users follow best practices to maintain the security of their environments:

  • Update Regularly: Ensure that you are running the latest version of the project and its dependencies.
  • Review Dependencies: Regularly review the security status of all dependencies listed in the go.mod file.
  • Use Strong Passwords: Ensure that any passwords or API keys used in conjunction with this project are strong and stored securely.
  • Monitor Logs: Regularly monitor application logs for any suspicious activity.

Contact

For any other security-related inquiries, feel free to reach out to [email protected]

There aren’t any published security advisories