We always support the most recent released version, and any prior versions that remain compatible via SemVer and are in active use. After each release, we may publish a small table of currently supported versions here.
To minimize spam and keep reports private, please use GitHub’s Private Vulnerability Reporting:
- Go to the repository’s Security tab and click “Report a vulnerability,” or use this link: https://github.com/naerbnic/datalit/security/advisories/new
- Provide as much detail as possible:
  - Affected crate(s) and versions
  - Environment and configuration
  - Steps to reproduce or a proof-of-concept
  - Expected vs. actual behavior and potential impact
  - Optional: a suggested CVSS score or severity
If you cannot use GitHub for any reason, open a new issue with the title “Security: request for secure channel” (no details) and we’ll provide an alternate contact method privately. Please do not include sensitive information in public issues or pull requests.
- Acknowledgement: within 48 hours (2 business days)
- Initial assessment: within 3 business days
- Fix and coordinated disclosure timeline depends on severity and complexity; we’ll keep you updated and credit you in release notes (unless you prefer to remain anonymous).
- Please avoid public disclosure until a fix is available and users have had a reasonable update window.