Skip to content

Security: Emik03/KeepCoding

SECURITY.md

Security Policy

Supported Versions

To ensure that your modules remain stable, ensure that your version of KeepCoding is up-to-date with the latest version.

Currently semantic versioning is used, with format MAJOR.MINOR.PATCH. Prior to version 2, the format 1.MAJOR.MINOR was used instead.

  • A ✅ symbol indicates that there are no major or minor security issues.
  • A ❔ symbol indicates that there are no major security issues.
  • A ❌ indicates that the version contains major vulnerabilities and is not recommended to be used.
Version Supported
13.0.2
11 - 13.0.1
10 - 10.1
1.0 - 9.0.3

Reporting a Vulnerability

Minor cases are considered smaller than 3.0 on CVSSv3. Major cases are considered 3.0 or greater.

For minor cases, the vulnerability can be addressed by creating an issue. For more severe cases, you may contact me directly in Discord. (@Emik#0001)

A reply back will typically be noticed within 48 hours, and addressed in a few hours to a few days in the form of a new release depending on the severity and complexity of the problem.

A vulnerability will be acknowledged if it fits in one of four (4) conditions:

  • The vulnerability makes the library unstable for other modules that depend on this library.
  • The library itself has a piece of code that doesn't work or causes problems.
  • The library itself allows to make other modules ━ regardless if they use KeepCoding ━ unstable.
  • The library can be overriden with malicious code.

System.Reflection WILL NOT count as a vulnerability by itself, as this is an inherent feature of C# and cannot be prevented.

There aren’t any published security advisories