We take security seriously and appreciate your efforts to make JG\Config safer. This document outlines how to report vulnerabilities and the steps we take to address them.
We actively support and patch vulnerabilities in the latest stable and release candidate versions of the library.
| Version | Supported |
|---|---|
| 1.0.0+ | ✅ Supported |
| Older versions | ❌ No longer supported |
If you discover a security vulnerability, please follow these steps:
- Do Not Open a Public Issue:
  - Avoid posting vulnerabilities in public forums, as it can expose users to risk.
- Contact Us:
  - Email the maintainer at [email protected] with the subject "Security Report".
  - Include detailed information:
    - A description of the vulnerability.
    - Steps to reproduce the issue.
    - Any potential impact or risk.
- Response Timeline:
  - We will acknowledge your report within 48 hours.
  - We aim to issue a fix within 7 business days, depending on complexity.
Once the vulnerability is resolved, we will:
- Notify affected users.
- Release a patched version of the library.
- Credit the reporter (if desired).
Thank you for helping us maintain a secure project!
SECURITY POLICY: v1.0.0
Updated: December 5th 2024