Security: code-philia/Xsearch

SECURITY.md

Security Policy

We take the security of XSearch seriously. If you believe you have found a security vulnerability, please report it to us as described below.

Supported Versions

Currently, security updates are provided for the following versions:

Version Supported
main

(Note: You can update this table as your project releases specific version tags.)

Reporting a Vulnerability

Please do not report security vulnerabilities through public GitHub issues. Publicly disclosing a vulnerability can put the project and its users at risk before a patch is available. Instead, please report them privately by sending an email to:

📧 xsearch052@gmail.com

What to Include in Your Report

To help us triage and resolve the issue quickly, please include as much of the following information as possible:

  • Type of issue: (e.g., path traversal, remote code execution, SQL injection)
  • Location: The full path of the affected source code file(s), or the specific commit/branch.
  • Reproduction steps: Step-by-step instructions or any special configuration required to reproduce the issue.
  • Proof of Concept (PoC): Exploit code or a detailed description of how an attacker could exploit the vulnerability.
  • Impact: What could happen if this vulnerability is exploited.

Our Response Process

  1. Acknowledgement: We prefer all communications to be in English. You should receive a response acknowledging receipt of your report within 48 hours.
  2. Triage: We will investigate the issue and determine its validity and severity.
  3. Patch & Disclosure: If the vulnerability is confirmed, we will work on a patch and release it as quickly as possible. We follow the principle of Coordinated Vulnerability Disclosure (CVD).

Thank you for helping keep XSearch and the open-source community safe!

There aren’t any published security advisories