We are committed to ensuring the security of CompileFlow. Security patches and updates will be provided for the following versions:
| Version | Supported |
|---|---|
| 2.x | ✅ |
| 1.x | ❌ |
The CompileFlow team takes security vulnerabilities seriously. We appreciate your efforts to responsibly disclose your findings, and we will make every effort to acknowledge your contributions.
To report a vulnerability, please use the private GitHub Security Advisories feature.
- Create a new security advisory on the CompileFlow repository.
- Provide a detailed description of the vulnerability, including steps to reproduce it.
This is the preferred and most effective way to report a vulnerability, as it ensures your report is handled securely and efficiently.
IMPORTANT: Please do not open public GitHub issues for security vulnerabilities.
When you report a vulnerability, we commit to the following:
- We will acknowledge receipt of your report within 48 hours.
- We will provide you with an estimated timeline for addressing the vulnerability.
- We will keep you informed of our progress.
- We will publicly credit you for your discovery (unless you prefer to remain anonymous).
Our security handling process is as follows:
- Triage: We will verify the vulnerability and assign a severity level using CVSS (Common Vulnerability Scoring System).
- Fix: We will develop a patch to address the vulnerability.
- Release: We will issue a new release that includes the patch.
- Disclosure: We will publish a security advisory detailing the vulnerability and the fix. We will coordinate the disclosure with you.
Thank you for helping keep CompileFlow secure.