Security fixes are applied to the latest released version of SimplicityPress.
Older versions may not receive security updates. Users are encouraged to upgrade to the most recent release when possible.
If you believe you have found a security vulnerability, please do not open a public issue.
Instead, report it privately using one of the following methods:
- GitHub Security Advisories (preferred, if enabled)
- Email the project maintainer (see repository profile)
Please include:
- A clear description of the vulnerability
- Steps to reproduce (if applicable)
- Potential impact
- Any relevant logs, screenshots, or proof-of-concept code
You may redact sensitive information as needed.
Once a report is received:
- The issue will be reviewed and validated
- A fix will be developed and tested
- A patched release will be published
- A security advisory may be issued if appropriate
We aim to respond to security reports in a timely manner, but response times may vary depending on complexity and availability.
This security policy applies to:
- The SimplicityPress core library
- CLI and GUI interfaces
- Official release artifacts
Third-party dependencies are subject to their own security policies.
Thank you for helping keep this project secure.