The following versions of our projects are currently supported with security updates:
| Package | Version | Supported |
|---|---|---|
| WEBlsp | 0.x.x | ✅ |
| CSSlsrs | 0.x.x | ✅ |
A security vulnerability is a flaw or weakness in a system's design, implementation, operation, or management that could be exploited to violate the system's security policy. (Source: OWASP)
Please note that we will not accept reports related to vulnerabilities in other software, such as the IDEs that use our server or our dependencies. Additionally, we reserve the right to close reports that describe scenarios deemed highly unlikely or far-fetched.
We take security issues very seriously. If you discover a vulnerability, please report it through our private reporting form: Report a Security Vulnerability.
- Do not report vulnerabilities publicly via issues or discussions.
- Please provide as much detail as possible about the vulnerability to help us investigate and resolve it quickly.
- You will receive an acknowledgement of your report within 48 hours (working days).
- If the report is valid, in most cases, a fix will be published within one week of confirming the vulnerability.
Keep in mind that we are an open-source project, and our team is composed of volunteers. We will do our best to address the issue promptly, but we appreciate your understanding and patience.
Once the fix is deployed, a public security advisory will be published here: Security Advisories. If applicable, credit will be given to the reporter for their responsible disclosure.
We greatly appreciate your efforts to help us maintain the security of our projects.