We release patches for security vulnerabilities. Which versions are eligible receiving such patches depend on the versioning scheme used by the project.
| Version | Supported |
|---|---|
| 1.1.x | ✅ |
| 1.0.x | ❌ |
| 0.4.x | ✅ |
| < 0.4 | ❌ |
We take security very seriously. If you discover a security vulnerability within cojocarudavid.me, please send an email to the project team at [your contact email] instead of using the public issue tracker so we can work on a fix in advance of the vulnerability being disclosed publicly.
Your efforts to responsibly disclose your findings are sincerely appreciated and will be taken into account to acknowledge your contributions.
When the security team receives a security bug report, they will assign it to a primary handler. This person will coordinate the fix and release process. The role of primary handler is not always formalized, as it depends on the nature of the vulnerability, the availability of community members, and the process outlined for the particular project.
The security team will work to fix the issue as soon as possible. Once a patch has been created, the project's maintainers will be notified and will test the patch in as many configurations as possible.
We commit to keeping you informed about our progress towards resolving the security issue.
If you have suggestions on how this process could be improved please submit a pull request.