We release patches for security vulnerabilities in the following versions:

| Version | Supported |
|---|---|
| 1.x | ✅ |

If you discover a security vulnerability within this project, please follow these steps to report it:
- Do not open a public issue.
- Send an email to [email protected] with the details of the vulnerability.
- Please include the following in your email:
  - A description of the vulnerability.
  - Steps to reproduce the issue.
  - Any potential impacts and your assessment of the severity.
  - Any possible mitigations or workarounds.
We will review your report and respond within 5 business days with an acknowledgment of the issue. We aim to address all security vulnerabilities in a timely manner and will work with you to understand the scope and impact of the reported issue.
- Once a vulnerability is reported, we will verify the issue and determine the scope and impact.
- We will work on a fix and perform internal testing to ensure the issue is resolved.
- A security advisory will be published, and we will notify affected users and developers about the vulnerability and the fix.
- The patched version will be released, and we will update the repository with the necessary changes.
While using TickWatch, we recommend the following security best practices:
- Always keep your dependencies up to date to ensure you have the latest security patches.
- Regularly audit your project's dependencies for known vulnerabilities.
- Avoid using the plugin in an environment where untrusted users can input data directly.
- Follow secure coding practices and validate all inputs when integrating with other components or plugins.
If you have any questions or need further assistance, please reach out to us at [email protected].