Hugoifier
|
1
|
# Security Policy |
|
2
|
|
|
3
|
## Reporting a Vulnerability |
|
4
|
|
|
5
|
If you discover a security vulnerability in Hugoifier, please **do not open a public GitHub issue**. |
|
6
|
|
|
7
|
Instead, email: |
|
8
|
|
|
9
|
**[email protected]** |
|
10
|
|
|
11
|
Include: |
|
12
|
|
|
13
|
- A description of the vulnerability and its potential impact |
|
14
|
- Steps to reproduce |
|
15
|
- Any relevant logs or proof-of-concept code |
|
16
|
- Your recommended fix, if you have one |
|
17
|
|
|
18
|
## What to Expect |
|
19
|
|
|
20
|
- **Acknowledgment** within 2 business days |
|
21
|
- **Assessment** — we may follow up for additional details |
|
22
|
- **Resolution** — critical issues targeted within 14 days |
|
23
|
- **Credit** — with your permission, we'll credit you in the release notes |
|
24
|
|
|
25
|
## Supported Versions |
|
26
|
|
|
27
|
We provide security updates for the latest version only. |
|
28
|
|
|
29
|
| Version | Supported | |
|
30
|
|---------|-----------| |
|
31
|
| Latest | ✅ | |
|
32
|
| Older | ❌ | |
|
33
|
|
|
34
|
## Scope |
|
35
|
|
|
36
|
This policy covers Hugoifier's first-party code. Vulnerabilities in third-party dependencies (`anthropic`, `openai`, `google-generativeai`, `pyyaml`) should be reported upstream, though we appreciate a heads-up so we can update our dependencies promptly. |
|
37
|
|
|
38
|
## Thank You |
|
39
|
|
|
40
|
We value responsible disclosure and appreciate the effort it takes. Thank you for helping keep Hugoifier safe. |
|
41
|
|