The following versions of the cra project are currently being supported with security updates:

| Version | Supported |
|---|---|
| v1.1.1 | ✅ |
| < v1.1.1 | ❌ |

Please ensure you are using the latest version of cra to receive security updates.
We take the security of our project seriously. If you discover a security vulnerability, please report it as soon as possible. We will make every effort to resolve the issue promptly.
- Email: Please send an email to [[email protected]] with the subject "Security Vulnerability in CRA". Include the following details in your report:
  - A description of the vulnerability.
  - Steps to reproduce the issue.
  - Any potential impact or severity of the vulnerability.
  - Your suggested fix, if you have one.
- Private Issue: If you are comfortable sharing it publicly, you can open a private issue on the GitHub repository. Make sure to label it as a security issue.
- We will acknowledge your report within 48 hours.
- We will investigate and respond with our findings and any necessary steps within 7 days.
- If a vulnerability is confirmed, we will take steps to mitigate it immediately. A patch release will be issued as soon as the fix is ready, and we will coordinate a disclosure timeline with you.
We will inform our users of any security vulnerabilities that affect the cra project through the following channels:
- GitHub Releases: We will publish the fix along with a detailed release note.
- GitHub Security Advisories: We will issue a security advisory if necessary.
We follow a responsible disclosure process, where we first work privately with the individual who reported the issue to mitigate the vulnerability. After a patch has been created and released, we will disclose the vulnerability publicly.
If you have any questions or need further information, please reach out to [[email protected]].