If you discover a security vulnerability in WeatherCLISample, please report it privately. Do not open a public GitHub issue for security problems.
Email: security@example.com
Please include:
- A description of the vulnerability and its impact.
- Steps to reproduce (proof-of-concept welcome).
- The version of WeatherCLISample affected (
weather-cli-sample --versionor commit SHA). - Your environment (OS, Node.js version).
- Acknowledgement: within 48 hours of your report.
- Initial assessment: within 7 days.
- Fix or mitigation: depends on severity, but we aim for 30 days for high-severity issues.
We will keep you informed throughout the triage and resolution process and will credit you in the changelog (unless you prefer to remain anonymous).
| Version | Supported |
|---|---|
| 0.1.x | Yes |
| < 0.1 | No |
Only the latest minor release line receives security patches. Please upgrade to the latest 0.1.x release before reporting a vulnerability.
We follow a coordinated disclosure model:
- You report the vulnerability privately.
- We confirm and develop a fix.
- We release the fix and publish a security advisory.
- After 7 days (or sooner if you prefer), public details are disclosed.
Thank you for helping keep WeatherCLISample and its users safe.