Security Policy

Version Support

Currently, the latest version of MultiformatsKit supports security vulnerability reports.

Reporting a Vulnerability

Please don’t report possible security vulnerabilities in public forums, channels, or services. This includes the Issues section on GitHub, Discord, or some other service. Instead, please go to Security > Advisories and click on New Draft Security Advisory. Alternatively, you can email me at security@cjrriley.com with the subject line MultiformatsKit Security Issue: [title of vulnerability]. Please type out what you found, how to reproduce the steps, a possible link to a sample project that can reproduce the error, and any other additional information that could help me fix the problem.

I will get back to you within three business days, along with a follow-up when I fix the vulnerabilities. Once I fixed it, you’re free to discuss it.

If you’d like for me to add you to the CONTRIBUTORS file, please give me the following details:

• Your name; whether it’s:
  • First and last name (optional)
  • Your username on some Git service (GitHub, GitLab, Bitbucket) (optional)
  • An alias (required if you don’t want to use the above options)
• Email address (optional)
• Social media (up to three; Bluesky link encouraged!)
• Website (optional)