Skip to content

Security: tts-empire/spawnwp

SECURITY.md

Security Policy

Reporting a vulnerability

Please report security vulnerabilities privately. Do not open a public issue, pull request or discussion for them.

Preferred — GitHub private vulnerability reporting: open a private report at https://github.com/tts-empire/spawnwp/security/advisories/new (or Security → Report a vulnerability on the repository). This creates a private advisory visible only to you and the maintainers.

Alternative: use the contact concierge on https://spawnwp.com and choose Security. Your report reaches the maintainers privately by email.

Please include:

  • a description of the issue and its impact,
  • the SpawnWP version and the operating system,
  • clear steps to reproduce, with a proof of concept if possible.

What to expect

  • We aim to acknowledge your report within a few days.
  • We will investigate, keep you updated, and coordinate a fix and its disclosure.
  • Please give us reasonable time to release a fix before any public disclosure. We are happy to credit reporters who follow this process.

Supported versions

Security fixes are provided for the latest released version. Please update to the current release before reporting, in case the issue has already been fixed.

There aren't any published security advisories