Skip to content

Security: DataDave-Dev/weftmap

SECURITY.md

Security Policy

🌐 Language: English · Español

Weftmap parses arbitrary, user-submitted source code through a public API endpoint (/api/analyze). We take the security of the project and its users seriously and appreciate responsible disclosure.

Supported versions

Weftmap is a continuously deployed web application. Only the latest version running on the main branch (and its current production deployment) is supported. Please report issues against the latest code.

Reporting a vulnerability

Do not open a public GitHub issue for security vulnerabilities.

Report privately through either of these channels:

Please include:

  • A clear description of the issue and its impact.
  • Steps to reproduce (a minimal proof of concept if possible).
  • Affected endpoint, file, or component.
  • Any suggested remediation, if you have one.

What to expect

  • Acknowledgement within 5 business days.
  • An initial assessment and severity estimate after triage.
  • Updates on remediation progress until the issue is resolved.
  • Credit in the advisory once a fix ships, unless you prefer to stay anonymous.

Please give us reasonable time to address the issue before any public disclosure. Thank you for helping keep Weftmap and its users safe.

There aren't any published security advisories