😵💫 DO NOT Publish Security Reports Publicly 😵💫
We support fixing security issues on the following releases:
| Version | Supported | Security fixes until |
|---|---|---|
| 1.x | ✅ | 12 months from 2.x release |
| 0.x | ✅ | Until 1.x release |
If you’ve found a security issue in Arshwell, please use the following procedure instead of the normal bug reporting system. Instead of using the bug tracker, mailing list or IRC please send a DM to the owner of this repo:
- Discord: arshavinel#8902 user;
- Instagram: /arshavinel account.
For each report, we try to first confirm the vulnerability. Once confirmed, the Arshwell team will take the following actions:
- Acknowledge to the reporter that we’ve received the issue, and are
working on a fix;
- We ask that the reporter keep the issue confidential until we announce it.
- Get a fix/patch prepared;
- Prepare a post describing the vulnerability, and the possible exploits;
- Release new versions of all affected versions;
- Prominently feature the problem in the release announcement.