Security Policy

Supported Versions

Only the latest version on the main branch is actively supported with security updates.

If you are running an older version, please update before reporting issues.

Reporting a Vulnerability

If you discover a security vulnerability, please report it responsibly.

Do NOT open a public GitHub issue.

Instead, report it privately using one of the following:

• 🌐 https://sami.is-a.dev
• 📧 Contact via details listed on the website

When reporting, please include:

• A clear description of the vulnerability
• Steps to reproduce the issue
• Affected files, versions, or commits
• Any proof-of-concept or screenshots (if available)
• Potential impact or severity

Response Timeline

We aim to:

• Acknowledge reports within 7 business days
• Provide updates as the issue is investigated
• Release a fix or mitigation as soon as reasonably possible

Responsible Disclosure

Please allow reasonable time for the vulnerability to be fixed before any public disclosure. Responsible disclosure helps keep users and contributors safe.

Security Scope

This policy applies to:

• Source code in this repository
• Build scripts and configuration files
• Any official releases of this project

Third-party dependencies should be reported to their respective maintainers unless the issue is caused by integration in this project.

Thank you for helping keep this project secure.