| Version | Supported |
|---|---|
| 1.x.x | ✅ |

We take security vulnerabilities seriously. Please report them responsibly.
Do NOT report security vulnerabilities through public GitHub issues.
Instead, please report them via one of the following methods:
- GitHub Security Advisories (Preferred):
  - Navigate to the Security tab of this repository
  - Click "Report a vulnerability"
  - Follow the prompts to submit your report
- Email:
  - Send details to the repository maintainer
  - Use the subject line: `[SECURITY] development-skills - Brief Description`

Please include the following in your report:
- Type of vulnerability
- Location of the affected source code (file path, line numbers)
- Steps to reproduce the issue
- Proof of concept or exploit code (if available)
- Impact assessment
- Suggested fix (if you have one)

| Action | Timeframe |
|---|---|
| Initial response | Within 48 hours |
| Triage and severity assessment | Within 1 week |
| Fix development | Based on severity |
| Security advisory publication | After fix available |

| Severity | Fix Timeline |
|---|---|
| Critical | Within 48 hours |
| High | Within 1 week |
| Medium | Within 1 month |
| Low | Best effort |

- Acknowledgment: We will acknowledge receipt of your report within 48 hours.
- Communication: We will keep you informed of our progress.
- Credit: If you wish, we will credit you in the security advisory.
- Confidentiality: Please keep the vulnerability confidential until we release a fix.

When contributing to this project:
- Never commit secrets or credentials
- Use environment variables for sensitive configuration
- Follow the principle of least privilege
- Validate and sanitize all inputs
- Keep dependencies up to date