Skip to content

Security: IvanLarinDev/dropwheel

Security

SECURITY.md

Security Policy

We take the security of Dropwheel seriously. Thank you for helping keep the project and its users safe.

Supported versions

Dropwheel is under active development. Security fixes are applied to the latest release and the main branch. Older versions may not receive fixes.

Version Supported
latest
older

Reporting a vulnerability

Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.

Instead, report them privately using GitHub's private vulnerability reporting:

  1. Go to the Security advisories page.
  2. Click Report a vulnerability.
  3. Provide as much detail as you can (see below).

If private reporting is unavailable, please open a minimal placeholder issue asking a maintainer to contact you, without disclosing any vulnerability details.

What to include

To help us triage quickly, please include:

  • A description of the vulnerability and its potential impact.
  • Steps to reproduce, or a proof of concept.
  • The affected version, component, or file.
  • Any suggested mitigation, if known.

What to expect

  • We aim to acknowledge your report within a few business days.
  • We will investigate and keep you informed of progress.
  • Once a fix is available, we will coordinate disclosure and credit you if you wish.

We ask that you give us a reasonable amount of time to address the issue before any public disclosure. Thank you for practicing responsible disclosure.

There aren't any published security advisories