Skip to content

Security: dknauss/Maestro

Security

SECURITY.md

Security Policy

Supported versions

Security fixes are targeted at the latest released version of Maestro. Older releases may receive fixes when the issue is severe and a safe backport is practical.

Reporting a vulnerability

Please do not open a public GitHub issue or pull request for a suspected vulnerability.

Use GitHub's private vulnerability reporting / Security Advisory flow for this repository. If that is unavailable, contact the maintainer privately through the contact options on the maintainer's GitHub profile and include only the minimum detail needed to establish a private channel.

A good initial report includes:

  • affected version or commit;
  • high-level impact;
  • WordPress/PHP/browser environment;
  • whether authentication or a specific role is required.

Avoid publishing exploit details until a fix is available and coordinated disclosure is agreed.

Expected response

  • Initial acknowledgement target: within 7 days.
  • Triage/update target: within 14 days after acknowledgement.
  • Fix timing depends on severity, reproducibility, and release risk.

There aren't any published security advisories