Keeping poe-protocol.js secure is critical to protecting all the amazing bots people have built with it. As developers ourselves, we know vulnerabilities happen - so we need your help finding them!
Right now, we're focused on supporting version 1.1.1. If you spot an issue in versions 1.0.0 or 1.0.1, we unfortunately can't patch them (as they are empty), but please still report it so we know to fix it in the future!
| Version | Supported |
|---|---|
| 1.1.x | 🛡️ |
| 1.0.x | ❌ |
If you discover a vulnerability in poe-protocol.js, report it immediately so we can release a fix before it becomes a threat. Here's how:
- Email me at mailto:[email protected] with details about the vulnerability. Include things like:
- How to reproduce it
- Where it impacts (specific areas of code)
- Severity level
- I'll respond within 1 business day to confirm receipt and provide next steps.
- If valid, I'll release a patched version ASAP, credit you in the CHANGELOG, and be eternally grateful for helping keep Poe's community safe!
- If invalid, I'll explain why and work with you for clarification. Either way, I take all reports very seriously.