We release patches for security vulnerabilities in the following versions:
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
We take the security of GitViz seriously. If you believe you have found a security vulnerability, please report it to us as described below.
Please do not:
- Open a public GitHub issue
- Disclose the vulnerability publicly before it has been addressed

Please do:
- Email the details to the repository maintainers (check GitHub profile for contact)
- Include the following information:
  - Type of vulnerability
  - Full paths of source file(s) related to the vulnerability
  - Location of the affected source code (tag/branch/commit or direct URL)
  - Step-by-step instructions to reproduce the issue
  - Proof-of-concept or exploit code (if possible)
  - Impact of the issue, including how an attacker might exploit it

What to expect:
- We will acknowledge your email within 48 hours
- We will provide a more detailed response within 7 days
- We will work on a fix and release it as soon as possible
- We will credit you in the release notes (unless you prefer to remain anonymous)
When using GitViz:
- Only analyze repositories you trust
- Be cautious when sharing generated HTML files as they may contain sensitive commit messages
- Keep GitViz updated to the latest version
- Review the generated visualizations before sharing publicly
When we receive a security bug report, we will:
- Confirm the problem and determine affected versions
- Audit code to find similar problems
- Prepare fixes for all supported versions
- Release new versions as soon as possible
Thank you for helping keep GitViz and its users safe!