We actively maintain and support the following Graphite versions:
| Version | Supported | Note |
|---|---|---|
| v0.x | ✅ Yes | Supported until v1.x |
| Dev / Main | ✅ Latest Dev | |
Security fixes are applied to all supported versions.
If you discover a security issue in Graphite, do not create a public issue.
Please report it in the Security tab of the GitHub repository (you need a GitHub account).
- Acknowledgment: We confirm receipt of the report within 48 hours.
- Investigation: The maintainers verify the issue and assess its impact.
- Resolution: A fix or mitigation plan is created.
- Disclosure Coordination: Coordinated disclosure is agreed upon with the reporter.
- Release: A security patch is released for all supported versions.
- Public Advisory: A security advisory is published in the repository and release notes.
- Do not commit secrets (API keys, passwords, tokens) in the repository.
- Follow secure coding practices for all features.
- Validate all input and handle errors safely.
- Dependencies must be up-to-date and maintained.
- Avoid unsafe Rust code unless strictly necessary, and document the justification.
If you believe someone is using Graphite to perform malicious actions or misusing security features:
- Contact the maintainers via email: mahan.khalili.001@gmail.com
- Include a detailed description and any evidence.