We're extremely grateful for security researchers and users who report vulnerabilities they discovered in modelpack. All reports are thoroughly reviewed and investigated.
You should report if:
- You think you have discovered a potential security vulnerability in modelpack
- You are uncertain about the security impact of an issue you found in modelpack
Please report a vulnerability using GitHub’s Security Advisories. Do not create a public issue, pull request, or discussion.
To submit a report, navigate to the community repository's main page, open the Security tab, select Advisories from the sidebar, click Report a vulnerability, provide the required details, and submit. This process will create a private advisory visible only to the maintainers for review.
Our maintainers will review and respond to your report within 5 working days. Depending on the severity and complexity of the issue, resolution times may vary, but we will keep you informed throughout the process.
We only provide security fixes for the latest major version.
| Version | Security Fixes Provided |
|---|---|
| @latest | Yes |
| Older versions | Not Guaranteed |
The disclosure date will be agreed upon between the modelpack maintainers and the reporter. In general:
- Immediate disclosure may occur if the issue is already public.
- For vulnerabilities with straightforward fixes, disclosure is typically within 7 days of the report.
- For complex issues requiring more time to investigate and validate fixes, disclosure may be delayed—up to a maximum of 90 days.
Delays may also be necessary if the bug or fix is not yet fully understood or adequately tested.