Report Security Issues
Security is paramount for Astroluma.
Supported Versions
The current version, along with the previous minor versions and the last five releases, is actively supported. Any versions older than these, including those from the previous major release, are no longer maintained or monitored, so their security cannot be guaranteed.
Reporting a Security Issue
If you believe you've discovered a critical issue, please email me at [email protected]. Security reports are treated with high priority, and you can expect a response within 48 hours.
For non-critical issues, please raise an issue on the GitHub repo and include the following details to help us address the problem effectively:
- Type of Issue: Specify the nature of the issue (e.g., buffer overflow, SQL injection, cross-site scripting, etc.).
- Source File Details: Provide the full paths of the source file(s) where the issue is observed.
- Code Location: Mention the relevant tag, branch, commit, or provide a direct URL to the affected code.
- Configuration Details: List any special configurations needed to reproduce the issue.
- Reproduction Steps: Include clear, step-by-step instructions to replicate the issue.
- Proof-of-Concept: Attach proof-of-concept or exploit code, if available.
- Impact: Explain the potential impact of the issue and describe how an attacker might exploit it.
This information will help us assess and resolve the issue promptly.
Please refrain from raising issues in this repository related to ReactJS. We are already using the latest versions of these dependencies, so any problems should be directed to the React team. The same applies to other development dependencies, as they are also up-to-date.