Thank you for your interest in keeping the stock project secure. This document explains how to report security vulnerabilities, what to expect after reporting, and how we handle disclosures.
We aim to keep stock up to date and secure. Please see below for the versions we currently support with security updates.
| Version | Supported |
|---|---|
| Latest | Yes |
| Older | No |
If you discover a security vulnerability, please do not open an issue on GitHub.
Instead, follow these steps:
- Email the maintainer directly
- Include the following details:
- Description of the vulnerability
- Steps to reproduce (if possible)
- Potential impact
- Any mitigation or workaround suggestions
We aim to respond to security reports within 72 hours..
We ask that you:
- Do not publicly disclose the issue until it has been resolved.
- Avoid testing vulnerabilities in a way that could disrupt services.
- Act in good faith and with respect for user data and privacy.
- We follow a coordinated disclosure approach.
- We appreciate responsible reporting and will publicly disclose the issue only after a fix has been released.
Security fixes will be merged into main and any supported release branches. We will publish release notes describing the fix and migration steps when required.
We value the contributions from the community and encourage responsible disclosure to help keep stock safe and secure for all users.