We support the latest main branch and the most recent tagged release. Older snapshots may contain unpatched vulnerabilities.
| Version | Supported |
|---|---|
| main | ✅ |
| latest release | ✅ |
| older releases | ❌ |
- Email the maintainers at security@skeptic.dev with the subject line
SECURITY REPORT. - Optionally open a private GitHub Security Advisory if supported by this repository.
- Do not create a public issue for security findings.
Please include:
- A clear description of the vulnerability
- Steps to reproduce or proof of concept
- Expected vs. actual behavior
- Any known mitigations
We aim to acknowledge reports within 48 hours, provide an initial assessment within 5 business days, and share remediation updates every week until the issue is resolved.
- We will validate the vulnerability and determine severity and scope.
- Once a fix is available, we will coordinate a release and credit reporters (if requested).
- We request that you do not publicly disclose the vulnerability until we have released a fix or 45 days have passed, whichever comes first.
Thank you for helping keep the Website project secure.