We release security updates only for the latest version of RxDBDotNet.
Note: We strongly recommend all users update to the latest version to benefit from the most recent security fixes and improvements.
If you discover a security vulnerability in RxDBDotNet, we appreciate your efforts to responsibly disclose it to us.
Please report vulnerabilities using GitHub's Private Vulnerability Reporting feature. This allows us to collaborate on resolving the issue without publicly disclosing it.
To report a vulnerability:
- Navigate to the RxDBDotNet repository.
- Click on the "Security" tab.
- Select "Report a vulnerability".
- Follow the prompts to submit your report securely.
Please include as much detail as possible to help us understand and reproduce the issue:
- A detailed description of the vulnerability.
- Steps to reproduce the issue.
- Any relevant screenshots, logs, or code snippets.
Important: Do not disclose the vulnerability publicly until we have addressed it.
- Acknowledgment: Within 2 business days, we will acknowledge receipt of your report.
- Investigation: We aim to investigate and respond with our findings within 7 business days.
- Resolution: Once the vulnerability is confirmed, we will work on a fix and release it as soon as possible.
After the vulnerability has been resolved, we will:
- Notify you that the issue has been fixed.
- Credit you for the discovery in our release notes, if you wish.
- Publish a summary of the vulnerability and its impact.
We prefer to receive vulnerability reports in English.