We actively support the following versions of go-reloaded:
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |
We take security vulnerabilities seriously. If you discover a security issue, please follow these steps:
- Do NOT create a public GitHub issue for security vulnerabilities
- Send an email to: giorgoslaliotis@gmail.com with:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Any suggested fixes (if available)
- Acknowledgment: We will acknowledge receipt within 48 hours
- Initial Assessment: We will provide an initial assessment within 5 business days
- Updates: We will keep you informed of our progress
- Resolution: We aim to resolve critical issues within 30 days
When using go-reloaded:
- Input Validation: Always validate input files before processing
- File Permissions: Ensure proper file permissions for input/output files
- Resource Limits: Be aware of memory usage with large files
- Sandboxing: Consider running in isolated environments for untrusted input
This security policy covers:
- The core go-reloaded CLI application
- All transformation agents
- Build and deployment processes
- Third-party dependencies (report to respective maintainers)
- Issues in development/testing tools
- Social engineering attacks
Security updates will be:
- Released as patch versions (e.g., 1.0.1)
- Documented in CHANGELOG.md
- Announced in release notes
For security-related questions or concerns:
- Email: giorgoslaliotis@gmail.com
- GitHub: @g-laliotis
Thank you for helping keep go-reloaded secure!