We take security issues seriously and will respond swiftly to fix verifiable issues. We support the following versions of Zappy with security updates:
| Version | Supported |
|---|---|
| 1.x | ✅ |
| < 1.0 | ❌ |
If you find a security vulnerability in Zappy, please report it to us via the following process:
- Open an Issue: Go to the Issues section of our GitHub repository and create a new issue with the label
security. - Include Details: Provide detailed information about the vulnerability, including steps to reproduce, potential impact, and any possible fixes you are aware of.
- Do Not Disclose Publicly: Do not disclose the vulnerability publicly until we have addressed it and released an official fix.
We will acknowledge your issue within 48 hours and will send a more detailed response within 5 business days, indicating the next steps in handling your report.
To protect our users, we request that vulnerabilities not be publicly disclosed until we have been able to investigate and resolve the issue. We commit to handling vulnerabilities in a professional and prompt manner.
We will release security updates as necessary and will notify users of critical vulnerabilities and their fixes. Please keep your installation up to date to ensure you are running the latest secure version of Zappy.
If you have any questions or concerns about our security policy or procedures, you can contact us via Discord or by opening an issue.
Thank you for helping us keep Zappy secure!