Please do not open a public GitHub issue for security vulnerabilities.
If you discover a security vulnerability, please report it by sending an email to siosig@gmail.com with:
- Description of the vulnerability
- Steps to reproduce (if applicable)
- Affected versions
- Potential impact
We take security seriously and will:
- Acknowledge your report within 24 hours
- Investigate and confirm the vulnerability
- Release a patch within 7 days for confirmed critical issues (best effort)
- Coordinate disclosure — we will publicly disclose the vulnerability only after a stable release containing the fix is available
Security updates are provided for the latest stable release. Users are encouraged to upgrade to the latest version.
| Version | Supported |
|---|---|
| Latest | ✅ Supported |
| Older |
Once a security fix is released in a stable version, we will:
- Document the vulnerability in the release notes
- Credit the reporter (unless they prefer anonymity)
- Provide guidance for affected users to upgrade