We take the security of our software seriously. If you believe you have found a security vulnerability, please report it to us following these guidelines:
- DO NOT create a public GitHub issue for the vulnerability
- Email your findings to:
  - Primary: [email protected]
  - Secondary: [email protected]
Please include the following information in your report:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Affected versions
- Any potential impacts
- Optional: Suggested fixes or mitigations
After you submit a report:
- We will acknowledge receipt of your vulnerability report within 48 hours
- We aim to send a more detailed response within 5 business days
- We will keep you informed of our progress throughout the process
Security updates will be released as soon as possible after we have confirmed and fixed the vulnerability. Updates will be published through:
- GitHub releases
- Security advisories
- Email notifications to affected parties (if applicable)
As an open-source project under the Apache 2.0 license, we focus our security updates on the latest stable release. While you're free to use any version as per the Apache 2.0 license terms, we strongly recommend using the most recent version for the best security posture.
| Version | Security Updates |
|---|---|
| Latest Release | ✅ Active |
| Previous Releases | |
Note: The Apache 2.0 license comes with NO WARRANTIES or CONDITIONS of any kind, either express or implied. Users are responsible for their own security assessment when using any version of this software.
When using this software, please follow these security best practices:
- Keep your private keys secure and never share them
- Regularly update to the latest version
- Review transaction details before signing
- Use appropriate access controls in production environments
Currently, we do not offer a bug bounty program. However, we greatly appreciate responsible disclosure of security vulnerabilities.
This security policy is part of our project licensed under Apache 2.0.