We adhere to Semantic Versioning 2.0.0. Security updates are provided for the current major version.
| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| < 1.0 | ❌ |
Do not open a public GitHub issue for security vulnerabilities.
If you discover a security vulnerability in ReasonKit, please report it privately:
- Email: security@reasonkit.sh
- Response Time: We are committed to responding to security reports within 48 hours.
- Process:
- We will investigate and verify the issue.
- We will develop a patch.
- We will release a security advisory and a patched version.
- We will acknowledge your contribution (with permission).
We ask that you:
- Give us reasonable time to fix the issue before making it public.
- Do not exploit the vulnerability to view data, modify data, or disrupt service.
- Do not attack our users or infrastructure.
This project has undergone internal security audits. However, users should conduct their own security assessment before deploying in sensitive environments.