As a solo developer, I currently only support the latest version of kado-proxy with security updates.

| Version | Supported |
|---|---|
| latest | ✅ |
| < latest | ❌ |

I take the security of kado-proxy seriously. If you have discovered a security vulnerability, I appreciate your help in disclosing it to me in a responsible manner.
To report a security vulnerability, please follow these steps:
- Do not report security vulnerabilities through public GitHub issues.
- Email me directly at [email protected]. If possible, please encrypt your message using my Keybase public key, which can be found at https://keybase.io/janpreet.
- Include as much information as possible in your report:
  - A detailed description of the vulnerability
  - Steps to reproduce the issue
  - Potential impact of the vulnerability
  - Any possible mitigations you've identified
- Allow me some time to review and respond to your report. As a solo developer, I'll do my best to address the issue as quickly as possible, but please understand that it might take some time.

When you submit a vulnerability report, you can expect the following from me:
- I will confirm receipt of your vulnerability report within 3 business days.
- I will provide an initial assessment of the report within 10 business days.
- I will keep you informed about the progress of fixing and publicly disclosing the vulnerability.
- I will credit you for discovering and reporting the vulnerability (unless you prefer to remain anonymous).

When I receive a security bug report, I will:
- Confirm the problem and determine the affected versions.
- Audit the code to find any potential similar problems.
- Prepare fixes for all supported versions.
- Release new versions as soon as possible.
If you have suggestions on how this process could be improved, please submit a pull request or open an issue to discuss.