These are the current supported versions of Alexandria. They will receive security patches. If you're running an outdated code, we urge you to upgrade to the latest version as to avoid any data theft and/or security breaches.
| Version | Supported |
|---|---|
| 0.0.x | ✅ |
Use this section to tell people how to report a vulnerability.
Tell them where to go, how often they can expect to get an update on a reported vulnerability, what to expect if the vulnerability is accepted or declined, etc.
If you found a vulnerability in our code, you can privately disclose it to us sending an email to [email protected] with the subject "Alexandria Security Vulnerability" and we will acknowledge it within 24 hours. You’ll receive a more detailed response to your email within 48 hours indicating the next steps in handling your report. While we cannot pay bounties for vulnerabilities disclosed, we will thank you immensely.
After the initial reply to your report we will endeavor to keep you informed of the progress being made towards a fix and full announcement. These updates will be sent at least every five days.
Please, use the following template for security vulnerability disclosure.
Emergency Level:
- Light: minor vulnerabilities like a small data leakage that does not include personal data beyond a list of an user's books.
- Heavy: all other sorts of vulnerabilities that may lead to a leakage of users' personal data such as email and password. Also included vulnerabilites that may bypass our systems to spread malware to our users using Man-in-the-middle or other sorts of attacks.
Steps to reproduce the vulnerability: Include anything we must do to reproduce the security breach.
Unsecure Files If you know which files are creating this breach, feel free to tell us here.
Extra Context Do you want to say more about the breach? Use the space here.