Security: peterfarrell/django-heralder

SECURITY.md

Security Policy

The django-heralder team and community take security bugs in django-heralder seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.

Supported Versions

Only the latest stable version of django-heralder receives security updates. Please ensure you are using the most recent version before reporting a vulnerability.

Reporting a Vulnerability

We use GitHub's private vulnerability reporting feature to receive vulnerability reports.

Please do not report security vulnerabilities through public GitHub issues, pull requests, or discussions.

To submit a report:

  1. Go to the "Report a vulnerability" page for the repository.
  2. Provide a detailed report, including:
    • A descriptive title (e.g., "Cross-Site Scripting in preview view").
    • A detailed description of the vulnerability.
    • Clear, concise, and repeatable steps to reproduce the vulnerability.
    • The version(s) of django-heralder affected.
    • Any potential impact and/or mitigation suggestions.

A well-written report will help us validate and fix the vulnerability more quickly.

Disclosure Process

We are committed to addressing security issues responsibly and in a timely manner. Here is our process:

  1. Acknowledgement: We will acknowledge receipt of your report within 5 business days.
  2. Assessment: We will investigate and validate the issue. We will keep you informed of our progress.
  3. Resolution: Once confirmed, we will work on a patch for the vulnerability on a private fork.
  4. Release: We will release a new version that includes the fix.
  5. Disclosure: After the release, we will publish the security advisory. We will credit you for your discovery unless you request to remain anonymous.

We aim to resolve and disclose vulnerabilities within 90 days of being reported.