Security updates are provided for the latest released version of tetframework/tet.
Older versions may receive fixes at the maintainers’ discretion, depending on severity and feasibility.
Please do not report security vulnerabilities through public GitHub issues.
Report vulnerabilities privately using GitHub Security Advisories:
https://github.com/tetframework/tet/security/advisories/new
Include as much detail as possible:
- affected version or commit
- vulnerability description
- reproduction steps or proof of concept
- expected impact
- suggested mitigation, if known
After receiving a report, the maintainers will aim to:
- acknowledge receipt;
- assess severity and affected versions;
- prepare and review a fix;
- publish a patched release;
- disclose the vulnerability when appropriate.
Reports made in good faith will be treated respectfully.
Please allow the maintainers reasonable time to investigate and fix the issue before public disclosure.
Coordinated disclosure is preferred.