The following versions of commonprops are currently supported with security updates:
| Version | Supported |
|---|---|
| main | ✅ |
| < 1.0 | ❌ |
Note: This project is currently in pre-1.0 development. Security fixes are applied to the main branch. Once version 1.0 is released, this policy will be updated to reflect supported release versions.
We take the security of commonprops seriously.
Please do not report security vulnerabilities through public GitHub issues.
Instead, please report security vulnerabilities via one of the following methods:
- GitHub Security Advisories (preferred): Use GitHub's private vulnerability reporting
- Email: Contact the maintainer directly (see GitHub profile for contact information)
You can also send reports to security@theroyalwhee.com. See https://www.theroyalwhee.com/security/policy/
Please include as much of the following information as possible:
- Type of vulnerability
- Step-by-step instructions to reproduce the issue
- Affected versions or commits
- Potential impact of the vulnerability
- Any suggested fixes or mitigations
- Initial Response: Within 72 hours of your report
- Status Update: Within 2 weeks
- Fix Timeline: Based on severity and complexity
- Credit: Security researchers will be credited in release notes unless they prefer to remain anonymous
Security issues of particular concern for commonprops include:
- Type system exploits that could lead to unsound types
- Dependency vulnerabilities
- Supply chain security issues
Thank you for helping keep commonprops and its users safe!