We actively support the following versions with security updates:
| Version | Supported |
|---|---|
| 3.x.x | ✅ (current) |
| 2.x.x | ✅ (security and critical fixes) |
| 1.x.x | ✅ (security updates only) |
| < 1.0.0 | ❌ |
We take security vulnerabilities seriously. If you discover a security vulnerability, please follow these steps:
- Do not open a public GitHub issue
- Report the vulnerability using one of these methods:
- Use GitHub's Security Advisory feature (recommended)
- Contact the maintainer via GitHub profile (email available on profile)
- Include the following information:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
We aim to:
- Acknowledge receipt of your report within 48 hours
- Provide a detailed response within 7 days
- Keep you informed of the progress toward a fix
- Complete the fix and release within 30 days (depending on severity)
- We will work with you to understand and resolve the issue quickly
- Security vulnerabilities will be disclosed publicly after a fix is available
- We follow responsible disclosure practices
- Credit will be given to the reporter (unless requested otherwise)
When using rxjs-poll:
- Always keep your dependencies up to date
- Review the changelog for security-related updates
- Use the latest supported version when possible
- Report any suspicious behavior or potential security issues
Thank you for helping keep rxjs-poll and its users safe!