Security Policy
Supported Versions
The following table outlines which versions of Grompt currently receive security updates:
| Version | Supported |
|---|---|
| 1.0.x | :white_check_mark: |
| < 0.0 | :x: |
Note: Only the latest minor versions in each major release are supported with security updates. Older versions do not receive fixes.
Reporting a Vulnerability
If you discover a security vulnerability in Grompt:
- Do NOT disclose it publicly or via any public forum (including Discord).
- Please report it through one of these private channels:
  - GitHub Security Advisories
  - Or email: [maintainer@github.com/rafa-mori/ghbex] (replace this with your actual security contact email)
Include as much detail as possible, such as:
- A description of the vulnerability.
- Steps to reproduce or proof-of-concept.
- The impact, if known.
What to Expect
- Acknowledgement: We will acknowledge your report within 2 business days.
- Status Updates: You’ll receive updates at least every 7 days until we resolve or close the report.
- Resolution: We’ll work with you to verify and address the issue as quickly as possible.
- Credit: With your permission, we’ll credit you in our release notes.
Community Support
For general questions, help, or to join our community, visit our Discord server.
Please do not report security issues via Discord. Use the private channels listed above for vulnerability disclosures.
If you have questions about this policy, contact the maintainers through the channels above.