Currently, only the latest version of FactLite is supported with security updates. We recommend always using the most recent version to ensure you have the latest security fixes.
| Version | Supported |
|---|---|
| 1.2.0 | ✅ |
| < 1.2.0 | ❌ |
If you discover a security vulnerability in FactLite, we encourage you to report it responsibly. We take all security vulnerabilities seriously and will respond promptly to address them.
To report a security vulnerability, please send an email to:
Please include the following information in your report:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Any possible mitigations you have identified
- Your contact information for follow-up questions
When we receive a security vulnerability report, we will:
- Acknowledge receipt of your report within 24-72 hours
- Investigate the issue to verify its validity
- Determine the severity of the vulnerability
- Develop and test a fix
- Release a security update as soon as possible
- Credit you for the discovery (if you wish to be credited)
- Initial response: Within 24-72 hours of receiving your report
- Investigation: 1-7 business days
- Fix development: 3-14 business days (depending on severity)
- Release: As soon as the fix is ready and tested
Security updates will be included in regular version releases. We will also announce critical security fixes through:
- GitHub releases
- PyPI release notes
- The project's README file
We appreciate responsible disclosure of security vulnerabilities. Please do not publicly disclose the vulnerability until we have had a chance to address it.
This security policy applies to the FactLite framework and its official dependencies. It does not cover third-party libraries or applications that use FactLite.
For any security-related questions or concerns, please contact us at:
Email: srinternet@qq.com Project: https://github.com/SRInternet-Studio/FactLite
Thank you for helping to keep FactLite secure!