We actively support the following versions of VerTree:
| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| < 1.0 | ❌ |
We take the security of VerTree seriously. If you discover a security vulnerability, please follow these steps:
- Do not open a public issue for the vulnerability
- Email us at security@vertree.dev with details of the vulnerability
- Include as much information as possible:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes
- Acknowledgment: We'll acknowledge receipt of your report within 48 hours
- Investigation: We'll investigate and validate the issue within 5 business days
- Resolution: We'll work to fix the issue and release a patch as soon as possible
- Disclosure: We'll coordinate with you on the disclosure timeline
We follow responsible disclosure practices:
- We'll keep you informed throughout the process
- We'll credit you for the discovery (unless you prefer to remain anonymous)
- We'll notify users of security updates through our normal channels
When deploying VerTree:
- Always use HTTPS in production
- Keep your Go runtime and dependencies up to date
- Use strong authentication credentials
- Regularly update to the latest version
- Monitor your deployment for unusual activity
- Follow the principle of least privilege for database access
For security-related questions: security@vertree.dev