If you discover a security vulnerability in this project, please report it privately using one of the following methods:
This repository ships no real tenant identifiers, no recovery keys, no tokens, and no production credentials. If you discover content that appears to be a real secret, recovery key, tenant identifier, or personal data, please report it privately through the repository's security advisory process rather than opening a public issue.
Note: Private vulnerability reporting via GitHub Security Advisories is only available for public repositories. If this repository is private, please use the email option below, or wait until the repository is made public to use this feature.
- Navigate to the Security tab of this repository
- Click Report a vulnerability
- Fill out the security advisory form with details about the vulnerability
This allows for private discussion and coordinated disclosure.
Use the direct private vulnerability reporting link:
When reporting a vulnerability, please include:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Any suggested fixes or mitigations (if known)
We will acknowledge receipt of your vulnerability report within 48 hours and aim to provide a more detailed response within 7 days, including:
- Confirmation of the vulnerability
- An assessment of severity
- An estimated timeline for a fix
We follow coordinated disclosure practices:
- Private Report: Report vulnerabilities privately using the methods above
- Assessment: We assess the vulnerability and determine severity
- Fix Development: We develop and test a fix
- Release: We release the fix and publish a security advisory
- Public Disclosure: After the fix is released, details may be disclosed publicly
We appreciate your help in keeping this project secure!
| Version | Supported |
|---|---|
| latest | ✅ |
Only the latest version of this project receives security updates. Users are encouraged to update to the latest version promptly.