Skip to content

Security: dayu-autostreamer/dayu

SECURITY.md

Security

Reporting a Vulnerability

Please do NOT report security vulnerabilities through public GitHub issues. Instead, use one of the following methods:

Include in your report:

  • Detailed description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Affected versions (if known)

We will acknowledge your report within 3 business days and provide a timeline for resolution.

Security Update Process

  1. Confirmation:
    The security team will verify the vulnerability.
  2. Patch Development:
    A fix will be developed in a private repository branch.
  3. Release:
    Patches are released within 7 days of confirmation via:
  4. CVE Assignment:
    Critical vulnerabilities will receive a CVE identifier (if applicable).

Supported Versions

Dayu currently commits to supporting the n-1 version minor version of the current major release; as well as the last minor version of the previous major release.

Disclosure Policy

  • Coordinated Disclosure:
    Vulnerabilities are disclosed publicly after a patch is released.
  • Timeline Transparency:
    Major vulnerabilities will have a public timeline in GitHub Security Advisories.

Acknowledgments

We credit security researchers who follow responsible disclosure practices. If you wish to be acknowledged, please specify your preference (name/handle or anonymous).

There aren't any published security advisories