Skip to content

Latest commit

 

History

History
54 lines (35 loc) · 2.32 KB

SECURITY.md

File metadata and controls

54 lines (35 loc) · 2.32 KB

Security Policy

Supported Versions

The following versions of the get_time_ago package are currently being supported with security updates:

Version Supported
2.x.x
1.3.x
1.2.x
0.x.x

If you are using an older, unsupported version, we recommend upgrading to the latest version to benefit from security fixes.

Reporting a Vulnerability

We take security issues seriously. If you discover any security vulnerabilities or potential issues in the package, please report them to us privately to allow us to investigate and address the issue before it is publicly disclosed.

To report a vulnerability:

  • Email: [[email protected], [email protected]]
  • Subject: Security Issue in get_time_ago Package
  • Information to include:
    • A description of the vulnerability
    • Steps to reproduce (if applicable)
    • The impact of the vulnerability
    • Any potential fixes or patches

Please do not publicly disclose security vulnerabilities until we have confirmed and addressed them. We will work quickly to investigate and fix the issue.

Response Time:

We aim to respond to vulnerability reports within 48 hours and will work closely with you to understand and resolve the issue as quickly as possible.

Security Best Practices

When using the package in your project, consider the following security best practices:

  1. Keep the package up to date:
    Always use the latest version of the package to ensure you have the most recent security fixes and updates.

  2. Review dependencies:
    Ensure that all other dependencies in your project are up-to-date and free from vulnerabilities. Use tools like pub outdated to identify and update outdated packages.

Patching and Updates

We commit to regularly reviewing and updating the package with necessary security patches. Critical security vulnerabilities will be patched and released as soon as possible. If a critical fix is required, we will:

  • Prioritize the vulnerability fix
  • Release a patch version immediately
  • Notify users through the release notes and the changelog

By adhering to these guidelines, you help ensure a more secure experience when using the get_time_ago package.