Security policy
How to report suspected vulnerabilities responsibly and what to expect from the process.
The Coderic Development Team takes security very seriously and aims to resolve issues as quickly as possible. Building secure software is a continuous process and can always be improved. As such, we welcome reports of possible security vulnerabilities, as well as suggestions on how to strengthen our software and our process.
Reporting a suspected vulnerability
It is important that suspected vulnerabilities be disclosed responsibly and not made public until they have been analyzed and a fix is available.
To report a security vulnerability, send an e-mail to [email protected].
If you want to work with us to resolve the security vulnerability, include your GitHub username in that e-mail and we will provide access to a temporary private fork where we can collaborate on a solution without it being disclosed publicly.
Do not open a public issue, submit a pull request, or publicly disclose any information about the suspected vulnerability. If you discover any publicly disclosed security vulnerability, notify us immediately via [email protected].
Supported versions
Depending on the severity of a vulnerability, the issue may be fixed in the current major.minor release, or—for lower-severity or hardening cases—in the next major.minor release. See https://coderic.org/downloads for the latest version.