Use this section to tell people about which versions of your project are currently being supported with security updates.

| Version | Supported |
|---|---|
| 5.1.x | ✅ |
| 5.0.x | ❌ |
| 4.0.x | ✅ |
| < 4.0 | ❌ |

At Reimagine Truth Organization and TruthWeb, we take the security of our projects very seriously. If you discover a security vulnerability, please follow these steps to report it to us:
- Do not disclose the vulnerability publicly until it has been reviewed and addressed.
- Send a detailed report about the vulnerability, including how it can be reproduced, any potential risks, and any suggestions for fixing it. Please send your report to us at:
  - Email: reimaginetruth@gmail.com
  - Telegram: https://t.me/TruthWebOfficial
  - GitHub Issues: https://github.com/ReimagineTruth/truthweb.io/issues
- We will acknowledge receipt of your report within 48 hours.
- A security team member will investigate and determine the impact of the vulnerability. We will work to resolve the issue as quickly as possible and release a patch or mitigation.
- Once the issue has been addressed, we will notify you and provide information about the fix or patch.

We follow responsible disclosure practices to protect both users and the integrity of the project. By following the process above, you help ensure that vulnerabilities are resolved privately and effectively before they are made public.
We recommend subscribing to the project's repository or official communication channels (Telegram, GitHub, etc.) to receive updates about security patches and other important security-related information.
We thank everyone who helps us keep the project secure. If you contribute to resolving a security issue, we will acknowledge your contribution in our security changelog, unless you request otherwise.
We follow secure development practices and regularly audit our codebase for vulnerabilities. We encourage contributors to use the following best practices when submitting code:
- Ensure that any third-party libraries used are regularly updated and free of known vulnerabilities.
- Always validate inputs and sanitize user data to prevent injection attacks.
- Perform security testing and audits for any new features or code changes.
This Security Policy is licensed under the MIT License.