Skip to content

Security: Adolanium/Lucky

Security

SECURITY.md

Security Policy

Supported Versions

Only the latest release is actively maintained. Older versions do not receive security fixes.

Version Supported
Latest
Older

Reporting a Vulnerability

Do not open a public GitHub issue for security vulnerabilities.

Use one of these channels:

  1. GitHub private advisory (preferred): Report a vulnerability
  2. Email: lucas.diassantana@gmail.com — subject line [Lucky] Security

What to include

  • Description of the vulnerability and potential impact
  • Steps to reproduce or a proof-of-concept
  • Affected version(s)
  • Any suggested mitigations (optional)

Response SLA

This is a solo-maintained project. I aim to:

  • Acknowledge reports within 48 hours
  • Provide an assessment (valid / not applicable) within 7 days
  • Release a fix for confirmed vulnerabilities as soon as reasonably possible

I'll credit reporters in the release notes unless you prefer to remain anonymous.

There aren't any published security advisories