Skip to content

Security: conceptadev/ack

Security

SECURITY.md

Security Policy

Supported versions

Security fixes are made for the latest released Ack version. Users should upgrade to the newest compatible release before reporting a problem or asking for a backport. Older release lines may receive fixes at the maintainers' discretion.

Reporting a vulnerability

Do not report a suspected vulnerability in a public GitHub issue.

Contact the repository owner privately through the contact methods on their GitHub profile. Include:

  • the affected package and version;
  • a clear description of the impact;
  • steps or a minimal program that reproduces the issue;
  • any known workarounds; and
  • whether the report or exploit details have been shared elsewhere.

If no private contact method is available, open an issue that requests a private security contact without including vulnerability details.

Please allow maintainers time to confirm the report and coordinate a fix before public disclosure. If the report is accepted, the project will credit the reporter unless they prefer to remain anonymous.

Scope

Security reports should describe a concrete confidentiality, integrity, or availability impact. General bugs, unexpected validation results, and feature requests belong in the public issue tracker.

There aren't any published security advisories