
Security: tsmarsh/gridql

Security

SECURITY.md

Security Policy for GridQL

Supported Versions

Only the most recent version of GridQL is actively supported with security updates.

Reporting a Vulnerability

We take all security bugs in GridQL seriously. Thank you for improving the security of GridQL. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.

How to Report a Security Vulnerability

Please report (suspected) security vulnerabilities through our GitHub Issues. You are also encouraged to use the issue tracker for new issues and updates. Please include the steps to reproduce the vulnerability and any possible impacts.

Security Vulnerability Response

Once the report is received, the following actions will be taken:

  • I will confirm receipt of your vulnerability report and start investigating the issue immediately.
  • Within 3 days, I will work to verify the vulnerability and determine the affected versions.
  • Within 7 days of verifying a legitimate vulnerability, I aim to release the necessary patches to address the issue and provide mitigation steps if applicable.

General Security Information

GridQL is a JavaScript library designed to support web applications, not an actual web application. This distinction is important as it may impact the security context and the nature of potential vulnerabilities.

Reminder

This project is maintained by an individual. While efforts are made to ensure robust security, the resources for testing and patching are limited compared to larger projects.

If this project is important to you or your business, I would love PRs.

More Information

For any further information about security in GridQL, please open a GitHub issue or check existing discussions in the issues section.

There aren’t any published security advisories