Busen is currently released as an early-stage v0.x library.
Security fixes are applied to:
- the latest released tag in the current v0 line
- the latest code on the default branch when the fix has not yet been released
Older tags are not guaranteed to receive backported fixes unless stated otherwise.
Please do not report security vulnerabilities in public GitHub issues or pull requests.
Use one of these private channels instead:
- Open a private GitHub security advisory if the repository has security advisories enabled.
- Otherwise, contact the repository owner through the public contact information associated with the project.
When reporting a vulnerability, include as much of the following as possible:
- A description of the issue and the affected area
- The impact you believe it may have
- Steps to reproduce, if known
- A proof of concept or minimal example, if safe to share
- Suggested mitigations, if available
The maintainers will try to:
- Acknowledge receipt within a reasonable time
- Confirm whether the report is being investigated
- Coordinate a fix and disclosure timeline when the report is valid
Please allow maintainers reasonable time to investigate and prepare a fix before any public disclosure.