Security updates are provided on a best-effort basis.
In general:
- The latest released version is supported
- Older versions may not receive security fixes
Users are encouraged to stay up to date.
If you discover a security vulnerability, do not open a public issue.
Instead, please report it privately using one of the following methods:
- Email: your.name@example.com
- GitHub Security Advisories (preferred, if enabled)
Since this is a template project, the contact email has been left as a dummy address. Please update it when using the template in your project.
Please include:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Any suggested mitigation or fix
We ask that you follow responsible disclosure practices:
- Do not publicly disclose the issue until it has been reviewed
- Allow maintainers reasonable time to investigate and respond
- Avoid exploiting the vulnerability beyond proof-of-concept
We aim to acknowledge reports promptly and will work with you on disclosure timing where appropriate.
This project uses automated tooling to detect common security issues, including:
- Static analysis (e.g. Bandit)
- Dependency scanning (where applicable)
These tools are helpful but not a guarantee of security.
This security policy applies to:
- Source code under src/, apps/, and related modules
- Distributed artifacts produced from this repository
It does not apply to:
- Third-party dependencies
- Downstream projects using this code
Thank you for helping keep this project and its users safe.