If you discover a security vulnerability in this repository (dmno-dev/varlock), please follow these steps:
-
Do not create a public issue.
- To protect users, please report vulnerabilities privately using GitHub's private reporting feature
- OR alternatively email: [email protected]
-
Include Relevant Details:
- Describe the vulnerability and potential impact.
- Include steps to reproduce, if possible.
- Suggest remediation or mitigation strategies if you have them.
| Version | Supported |
|---|---|
| main/latest | ✅ |
| past releases | ❌ |
We generally support the most recent release on the main branch. Older versions may not receive security updates.
- We aim to respond to vulnerability reports within 2 business days.
- Once confirmed, we will work to resolve the issue and coordinate disclosure.
- You will be notified when the issue is resolved and if a public advisory will be published.
We ask that you:
- Act in good faith and avoid data destruction or service disruption.
- Allow reasonable time for remediation before public disclosure.
Thank you for helping keep varlock and its users safe!