We are committed to maintaining the security of CodeBRT. Below is the list of versions currently supported with security updates:
Version | Supported |
---|---|
0.4.5 | ✅ |
< 0.4.5 | ❌ |
We take the security of our project seriously. If you discover a security vulnerability within CodeBRT, please follow these steps:
-
Do Not Publicly Disclose: Do not create a public GitHub issue for a suspected security vulnerability.
-
Email our Security Team:
- Send a detailed description of the vulnerability to: [[email protected]]
- Include steps to reproduce the vulnerability
- Provide any relevant code snippets or proof of concept
-
What to Expect:
- We will acknowledge receipt of your vulnerability report within 48 hours
- Our security team will investigate and validate the report
- You can expect an initial assessment within 5-7 business days
- We will keep you informed about the progress of the investigation
-
Potential Outcomes:
-
If the vulnerability is accepted:
- We will work on a fix and create a security patch
- You will be credited for your discovery (if you wish)
- We may provide a bounty or recognition for significant findings
-
If the vulnerability is declined:
- We will provide a detailed explanation
- We'll offer guidance if the issue is not a critical security risk
-
-
Responsible Disclosure:
- We request that you give us reasonable time to address the vulnerability before any public disclosure
- We are committed to resolving and patching security issues promptly
- Keep your dependencies up to date
- Use the latest version of CodeBRT
- Report any suspicious activities or potential vulnerabilities
- Follow our secure coding guidelines in the CONTRIBUTING.md
- Total packages: 289
- Current vulnerabilities: 0
Thank you for helping us maintain the security of CodeBRT.