| Version | Supported |
|---|---|
v1.x (latest @v1) |
Yes |
| Older tags | Best effort |
Please do not open a public issue for security problems.
- Email the FasterApiWeb maintainers via the contact listed on the organization profile, or use GitHub Private vulnerability reporting on this repository if enabled (Security → Advisories → Report a vulnerability).
- Include impact, steps to reproduce, and affected versions/tags when possible.
- Allow reasonable time for a fix before public disclosure.
- Never commit PATs, App private keys, or
.pemfiles. - Consumers should store
FORK_SYNC_PATas an Actions secret. - Maintainers should store
RELEASE_APP_*(orRELEASE_TOKEN) as Actions secrets only. - This action authenticates Git over HTTPS with an Authorization header; do not embed tokens in remote URLs in contributions.
CI runs leash-secrets on pushes and pull requests. Critical findings block the check.