We release patches for security vulnerabilities for the following versions:
| Version | Supported |
|---|---|
| 1.x.x | ✅ |
We take security seriously. If you discover a security vulnerability, please follow these steps:
- Do not open a public GitHub issue
- Do not disclose the vulnerability publicly until it has been addressed
- Email us at [email protected] with details of the vulnerability
- Provide a detailed description of the issue, including:
- Type of vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if you have one)
- Allow us time to respond and address the issue before public disclosure
- Acknowledgment: We will acknowledge receipt of your vulnerability report within 48 hours
- Assessment: We will assess the vulnerability and determine its severity
- Timeline: We will provide an estimated timeline for a fix
- Credit: If you wish, we will credit you in our security advisory and changelog
Security updates will be released as patch versions (e.g., 1.0.1) and announced via:
- GitHub Security Advisories
- Release notes
- CHANGELOG.md
To ensure your application remains secure:
- Keep the package updated to the latest version
- Review our CHANGELOG for security-related updates
- Follow Laravel security best practices
- Use HTTPS - Always serve your application over HTTPS
For all security inquiries: [email protected]
Thank you for helping keep our community safe!