Security: naerbnic/datalit

SECURITY.md

Security Policy

Supported Versions

We always support the most recent released version, and any prior versions that remain compatible via SemVer and are in active use. After each release, we may publish a small table of currently supported versions here.

Reporting a Vulnerability

To minimize spam and keep reports private, please use GitHub’s Private Vulnerability Reporting:

  • Go to the repository’s Security tab and click “Report a vulnerability,” or use this link: https://github.com/naerbnic/datalit/security/advisories/new
  • Provide as much detail as possible:
    • Affected crate(s) and versions
    • Environment and configuration
    • Steps to reproduce or a proof-of-concept
    • Expected vs. actual behavior and potential impact
    • Optional: a suggested CVSS score or severity

If you cannot use GitHub for any reason, open a new issue with the title “Security: request for secure channel” (no details) and we’ll provide an alternate contact method privately. Please do not include sensitive information in public issues or pull requests.

Response and disclosure policy

  • Acknowledgement: within 48 hours (2 business days)
  • Initial assessment: within 3 business days
  • Fix and coordinated disclosure timeline depends on severity and complexity; we’ll keep you updated and credit you in release notes (unless you prefer to remain anonymous).
  • Please avoid public disclosure until a fix is available and users have had a reasonable update window.

There aren't any published security advisories