Skip to content

Security: aj-nt/vassago

Security

SECURITY.md

Security Policy

Supported Versions

Only the latest version of vassago (v0.x) is currently supported with security updates.

Reporting a Vulnerability

If you discover a security vulnerability in vassago, we appreciate your help in disclosing it to us responsibly.

How to Report

Please report security vulnerabilities through GitHub's Security Advisory feature. This ensures the report reaches maintainers directly and stays private until resolved.

Response Time

  • Acknowledgement: You will receive an initial acknowledgement within 48 hours of your report.
  • Triage: We will triage the vulnerability within 5 business days and provide an estimated timeline for a fix.

Safe Harbor

We support safe harbor for security researchers who:

  • Act in good faith and do not engage in unauthorized testing of systems beyond the scope of the vulnerability.
  • Avoid privacy violations, destruction of data, or disruption of our services.
  • Provide us with reasonable time to address the vulnerability before disclosing it publicly.

Preferred Languages

We prefer vulnerability reports in English.

Policy Changes

This policy may be updated as needed. Changes will be reflected in this document.

Thank you for helping keep vassago and its users safe!

There aren't any published security advisories