Security fixes are provided for the latest major release line.
| Version | Supported |
|---|---|
3.0.x |
✅ |
< 3.0 |
❌ |
Please report vulnerabilities privately.
- Use GitHub private vulnerability reporting for this repository (
Security->Advisories->Report a vulnerability). - If private reporting is unavailable, email:
infocyph@gmail.com. - Do not open a public issue for security vulnerabilities.
Please include:
- Affected package version(s)
- PHP version and runtime environment
- Reproduction steps or proof of concept
- Impact assessment (confidentiality/integrity/availability)
- Any known workaround
- Initial acknowledgment target: within 3 business days
- Triage target: within 7 business days
- Fix and release timeline depends on severity and exploitability
If a report is accepted, a patched release will be prepared and published. Credit will be provided unless you request otherwise.
This project follows coordinated disclosure:
- Keep details private until a fix is released
- Publish advisory/release notes after remediation
- Share CVE information when applicable
In scope:
- Vulnerabilities in code under
src/ - Supply-chain risks introduced by direct dependencies
Out of scope:
- Issues only affecting unsupported versions
- Local-only misconfiguration without a library defect