Hugoifier
Security Policy
Reporting a Vulnerability
If you discover a security vulnerability in Hugoifier, please do not open a public GitHub issue.
Instead, email:
Include:
- A description of the vulnerability and its potential impact
- Steps to reproduce
- Any relevant logs or proof-of-concept code
- Your recommended fix, if you have one
What to Expect
- Acknowledgment within 2 business days
- Assessment — we may follow up for additional details
- Resolution — critical issues targeted within 14 days
- Credit — with your permission, we'll credit you in the release notes
Supported Versions
We provide security updates for the latest version only.
| Version | Supported |
|---|---|
| Latest | ✅ |
| Older | ❌ |
Scope
This policy covers Hugoifier's first-party code. Vulnerabilities in third-party dependencies (anthropic, openai, google-generativeai, pyyaml) should be reported upstream, though we appreciate a heads-up so we can update our dependencies promptly.
Thank You
We value responsible disclosure and appreciate the effort it takes. Thank you for helping keep Hugoifier safe.