We provide security updates for the following versions of the library. Older versions may still work but are not actively maintained for security issues. Please upgrade to a supported version if possible.
| Version | Supported |
|---|---|
| 2.x.x | ✅ |
| 1.x.x | ✅ (use v2.x.x, it has no breaking changes) |
| < 1.0 | ❌ |
If you discover a security vulnerability in this library, please report it responsibly. Do not disclose the issue publicly until we've had a chance to address it.
- Email us: Send details to security@bestax.io.
- GitHub Security Advisory: Under GitHub's Security tab, under Advisories. Press the "Report a vulnerability" button to report a vulnerability privately.
- Include as much information as possible: steps to reproduce, affected versions, potential impact, and any suggested fixes.
- We will acknowledge your report within 48 hours.
- We aim to triage and confirm the issue within 7 days.
- If accepted, we'll work on a fix and coordinate a disclosure timeline with you.
- If declined (e.g., not a vulnerability or out of scope), we'll explain why.
- Credit: We'll credit you in the release notes or advisory unless you prefer anonymity.
We appreciate your help in keeping our library secure!
- For vulnerabilities in dependencies, please report them to the upstream projects.
- We follow responsible disclosure practices and may publish advisories on GitHub once resolved.