We take security seriously and appreciate responsible disclosures.
We generally support the latest minor release line with security fixes.
| Version | Supported |
|---|---|
| 1.x | ✅ Yes |
| < 1.0 | ❌ No |
If in doubt, open a private report — we’ll clarify support on a case-by-case basis.
Do not open public issues for security problems.
Please report vulnerabilities via GitHub Security Advisories or email:
- GitHub: open a private advisory from the repository’s “Security” → “Advisories” page.
- Email: hook-press@teofanis-cloud.com (include “HookPress Security” in the subject)
Include as much detail as possible:
- Affected versions and environment
- A minimal reproduction or proof-of-concept
- Impact assessment (confidentiality / integrity / availability)
- Any suggested mitigations
We will acknowledge receipt within 48 hours and keep you informed of the fix timeline. Once a fix is available, we will publish a new release and coordinate disclosure.
Please give us reasonable time to investigate and release a patch before any public disclosure. We prefer coordinated disclosure with credit in the release notes, unless you request anonymity.
Thank you for helping keep HookPress and its users secure. 🙏