Skip to content

Latest commit

 

History

History
47 lines (26 loc) · 2.39 KB

SECURITY.md

File metadata and controls

47 lines (26 loc) · 2.39 KB

Security Policy

Thank you for helping keep wayofdev/laravel-symfony-serializer and its users safe. We greatly appreciate your efforts to disclose security vulnerabilities responsibly.


🙋‍♂️ Supported Versions

Only certain versions of wayofdev/laravel-symfony-serializer are currently being maintained with security updates. Please use or upgrade to one of these supported versions:

Version Supported
x.y.z

Please ensure that you are using one of these supported versions before reporting a security issue.


🗜️ Unsupported Versions

Versions listed below are no longer supported with security updates. We recommend upgrading to a supported version as soon as possible:

Version Supported
x.y.z

🚨 Reporting a Vulnerability

We take all security bugs in wayofdev/laravel-symfony-serializer seriously. Please follow the instructions below to report security vulnerabilities.

→ How to Report a Vulnerability

  1. GitHub Security Advisories: Please report security issues directly through our GitHub Security Advisories page: https://github.com/wayofdev/laravel-symfony-serializer/security/advisories/new. This ensures that sensitive information is handled confidentially.

  2. Empty Security Issue: After submitting through GitHub Security Advisories, please also create an empty security issue to alert us, as GitHub Advisories do not send automatic notifications. This can be done here.

  3. Direct Contact: For highly sensitive information, in addition to the GitHub Security Advisories, please email us directly at [email protected] with the subject line "SECURITY - Vulnerability Report". This will be treated with the highest priority.

Please do not discuss potential security issues in public forums or through our public GitHub issues tracker.

❌ Third-Party Bug Bounty Platforms

At this moment, we DO NOT accept reports from third-party bug bounty platforms to minimize risk. All vulnerability reports should come through the specified channels above.