The following versions of the project are actively supported for security updates:
| Version | Supported |
|---|---|
| v1.x | ✅ Fully supported |
| <v1.0 | ❌ No longer supported |
Please ensure you're using the latest version of the project to receive the most up-to-date security fixes.
If you discover a security vulnerability in the project, please follow these steps:
- Do not disclose the vulnerability publicly.
- Report it directly to the maintainers so a fix can be developed before disclosure.
- Submit a private report:
  - Alternative: open a private security advisory on GitHub if available.
- Wait for acknowledgment:
  - You should receive confirmation within 3 business days. If you don’t, please follow up.
Upon receiving a report, the maintainers will:
- Confirm the vulnerability.
- Investigate and develop a fix or mitigation.
Once a fix is ready:
- The reporter will be notified.
- A patch or release will be prepared.
- Security advisories will be drafted.
Public disclosure:
- The vulnerability will be disclosed publicly alongside the fix, after a reasonable grace period to allow users to update.
To help keep the project secure, contributors should follow these practices:

Validate Inputs:
- Always sanitize and validate user inputs to prevent injection vulnerabilities.

Principle of Least Privilege:
- Avoid running scripts or code with unnecessary privileges.

Protect Secrets:
- Never hardcode sensitive information (e.g., credentials, tokens, API keys).
- Use environment variables or secret managers.

Static Analysis / Linters:
- Run project-specific security tools before submitting contributions.
- For Bash projects, this includes:

  ```sh
  shellcheck --shell=bash --external-sources -x -S style -f gcc <script.sh>
  shfmt -i 4 -ci -bn -kp -sr -ln bash -d .
  ```

Secure Storage:
- Encrypt sensitive files and data at rest, or store them in secure locations only.
For additional security concerns or questions, please contact:
- Email: <security@project.org>
- GitHub Issues: Use the Issues tab for non-sensitive reports only.