Skip to content

Security: Aaltuj/VxFormGenerator

SECURITY.md

Security Policy

Supported Versions

VxFormGenerator is under active development. Security fixes are most likely to land on the latest supported code on master and the newest published package versions.

Reporting A Vulnerability

Please do not report suspected vulnerabilities in public GitHub issues, pull requests, Discord, or other public channels.

Use this order of operations:

  1. If the repository has GitHub private vulnerability reporting enabled, use the Report a vulnerability flow in GitHub.
  2. If private reporting is not enabled, contact the maintainer privately through the repository owner's GitHub profile and ask for a private disclosure channel before sharing technical details.
  3. Share the affected package, impacted versions, reproduction details, and any suggested mitigation once a private channel is established.

Please include:

  • A clear description of the issue and impact
  • Reproduction steps or a proof of concept
  • Any known workarounds
  • Your preferred contact method for follow-up

We will acknowledge good-faith reports, validate the issue, and coordinate a fix and disclosure plan with the reporter when possible.

Temporary Limitation

This repository does not yet document a dedicated security mailbox. If private reporting is not enabled in GitHub, maintainers should add a durable private reporting path and update this policy.

There aren't any published security advisories