Skip to content

Security: toaweme/log

Security

SECURITY.md

Security Policy

Reporting a vulnerability

Please do not open a public issue for a security problem. Public issues are visible to everyone before a fix exists, which puts users at risk.

Report privately through either channel:

  • GitHub private advisory (preferred) — go to the Security tab and open a draft advisory. This keeps the report, discussion, and fix in one place and lets us credit you when it is resolved.
  • Email — write to security@toawe.me with the details below.

Please include:

  • the module version or commit affected,
  • your Go version and OS,
  • a minimal snippet that triggers it,
  • what happens and what you expected, and
  • a proof of concept if you have one.

What to expect

log is maintained by a small volunteer team, so please allow a little time.

  • We aim to acknowledge a report within 7 days.
  • Once confirmed, we will work on a fix and coordinate a release with you before any public disclosure.
  • With your permission we will credit you in the release notes.

Supported versions

Only the latest released version receives security fixes. Please upgrade to the current release before reporting, in case the issue is already resolved.

There aren't any published security advisories