| Version | Supported |
|---|---|
Latest (master) |
✅ |
| Older releases | ❌ |
Do not open a public GitHub issue for security vulnerabilities.
Use GitHub's built-in private advisory mechanism:
- Go to the Security tab of this repository.
- Click "Report a vulnerability".
- Fill in the details — affected component, steps to reproduce, and potential impact.
- Submit. Maintainers will be notified privately and will respond within 72 hours.
If the Security tab is disabled or inaccessible, email the maintainer directly:
- @SandeepVashishtha — raise a GitHub private advisory or contact via the email listed on the profile page.
Encrypt sensitive details if possible. Do not share reproduction steps or proof-of-concept code in any public channel until a fix is released.
- Affected file(s), module, or endpoint
- Steps to reproduce the vulnerability
- Potential impact (data exposure, privilege escalation, DoS, etc.)
- Your suggested fix or mitigation (optional but appreciated)
- Maintainers will acknowledge receipt within 72 hours.
- A fix target will be communicated within 7 days of confirmation.
- Public disclosure will happen only after a patch is released, coordinated with the reporter.
- Credit will be given to the reporter in the release notes unless anonymity is requested.
- Vulnerabilities in dependencies (report upstream; open a public issue here to track)
- Issues requiring physical access to a device
- Social engineering attacks
For general bugs or feature requests, open a regular GitHub issue.