| Version | Supported |
|---|---|
| latest | ✅ |
If you discover a security vulnerability in any Tolki package, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
Instead, please send an email to [[email protected]] with the following information:
- A description of the vulnerability
- Steps to reproduce the issue
- The affected package(s) and version(s)
- Any potential impact
You should receive a response within 48 hours acknowledging receipt. We will work with you to understand the issue and coordinate a fix and disclosure timeline.
- We will confirm receipt of your report within 48 hours.
- We will provide an estimated timeline for a fix within 7 days.
- We will notify you when the vulnerability has been fixed.
- We will credit you in the release notes (unless you prefer to remain anonymous).