The following table outlines the versions of KeyHippo that are currently supported with security updates:
| Version | Supported |
|---|---|
| 0.1.x | ✅ |
| < 0.1.0 | ❌ |
To report a vulnerability in KeyHippo, please follow the guidelines below:
-
Where to Report:
- Vulnerabilities should be reported via email to our security team at [email protected]. Please include as much detail as possible, including the version of KeyHippo you are using, the nature of the vulnerability, and any steps to reproduce the issue.
-
Response Time:
- You can expect an acknowledgment of your report within 24 hours of submission. Our team will investigate the issue and provide you with regular updates on the progress. We aim to provide a full assessment and remediation plan within 2 business days.
-
What to Expect:
- If the vulnerability is accepted, we will work on a patch and release a security update as soon as possible. You will be notified once the fix is available, and your name or alias will be credited in the release notes unless you wish to remain anonymous.
- If the vulnerability is declined, we will provide a detailed explanation as to why it does not meet the criteria for a security issue or why it cannot be addressed.
Your participation in identifying and reporting vulnerabilities is greatly appreciated and helps us maintain the security and integrity of KeyHippo.