Security updates are provided for the latest released version of each provider and hook in this repository.

| Package | Supported |
|---|---|
| Latest release of each provider/hook | Yes |
| Older releases | No |

Please do NOT open a public GitHub issue to report a security vulnerability.
If you discover a security vulnerability in this project, please report it responsibly through GitHub Security Advisories:
- Go to https://github.com/open-feature/ruby-sdk-contrib/security/advisories/new
- Fill in the details of the vulnerability
- Submit the advisory

This ensures the vulnerability is reported privately and can be addressed before any public disclosure.

We aim to acknowledge receipt of vulnerability reports within 5 business days. After acknowledgement, we will work to:
- Confirm the vulnerability and determine its impact
- Develop and test a fix
- Release a patched version
- Publicly disclose the vulnerability after the fix is available

We follow a coordinated disclosure process. We ask that you:
- Allow us reasonable time to address the vulnerability before public disclosure
- Make a good faith effort to avoid privacy violations, data destruction, or disruption of services
- Do not exploit the vulnerability beyond what is necessary to demonstrate it

Thank you for helping to keep OpenFeature and its users safe.