Only the latest version of vassago (v0.x) is currently supported with security updates.
If you discover a security vulnerability in vassago, we appreciate your help in disclosing it to us responsibly.
Please report security vulnerabilities through GitHub's Security Advisory feature. This ensures the report reaches maintainers directly and stays private until resolved.
- Acknowledgement: You will receive an initial acknowledgement within 48 hours of your report.
- Triage: We will triage the vulnerability within 5 business days and provide an estimated timeline for a fix.
We support safe harbor for security researchers who:
- Act in good faith and do not engage in unauthorized testing of systems beyond the scope of the vulnerability.
- Avoid privacy violations, destruction of data, or disruption of our services.
- Provide us with reasonable time to address the vulnerability before disclosing it publicly.
We prefer vulnerability reports in English.
This policy may be updated as needed. Changes will be reflected in this document.
Thank you for helping keep vassago and its users safe!