Contracts

Gradle plugins and scripts for publishing Java projects to Maven Central

View the Project on GitHub jonloucks/gradle-kit

Security Policy

Reporting a Vulnerability

We take security seriously and appreciate prompt reports of vulnerabilities. If you discover a security vulnerability within this project, please report it to us as soon as possible.

How to report:

Please do not disclose the vulnerability publicly until we have had a chance to address it.

Our Response Timeline

We aim to acknowledge all vulnerability reports within 2 business days. Our team will then investigate the report and provide updates on the remediation progress. The time to resolution will depend on the severity and complexity of the vulnerability.

Responsible Disclosure Guidelines

We ask that you follow these guidelines for responsible disclosure:

  1. Do not exploit the vulnerability: Do not attempt to gain unauthorized access, modify data, or disrupt services.
  2. Do not disclose publicly: Keep the vulnerability confidential until we have confirmed a fix and given permission for public disclosure.
  3. Provide sufficient details: Help us understand and reproduce the vulnerability by providing clear and comprehensive information.
  4. Cooperate with us: Be available to answer questions and provide further details as needed during the investigation.

Supported Versions

Only the latest stable release of this project is actively supported for security updates. While we may address critical vulnerabilities in older versions, we recommend upgrading to the latest stable release for the best security posture.

Currently Supported Version:

| Version | Supported          |
|:--------|:-------------------|
| 2.x     | :white_check_mark: |
