We release patches for security vulnerabilities. Which versions are eligible for receiving such patches depend on the CVSS v3.0 Rating:

If you discover a security vulnerability, please report it by sending an email to legal@bytebrush.dev. Please include as much information as possible to help us resolve the issue quickly.

When reporting security issues, please provide the following information:

1. Component(s) affected
2. A description of the vulnerability
3. Steps to reproduce the issue
4. Potential impact of the vulnerability
5. Suggested mitigation or remediation steps (if any)

We will coordinate with you to handle the vulnerability responsibly. Here's what you can expect:

1. Acknowledgement: We will respond to your report within 48 hours with an acknowledgement.
2. Verification: We will work to verify the vulnerability and its impact.
3. Remediation: We will develop a fix and test it.
4. Disclosure: We will coordinate with you on the public disclosure of the vulnerability after a fix is available.

We are committed to responding quickly to security issues and will keep you informed throughout the process.