This is the default security policy for all of Tecnick.com LTD's open-source repositories.
Individual projects may publish their own SECURITY.md with project-specific details; when
present, that file takes precedence.
Security fixes are applied to the latest stable release of each project. We strongly recommend always running the latest release.
Please do not open a public issue for security vulnerabilities.
If you discover or suspect a vulnerability, follow responsible disclosure:
- Email the maintainer at info@tecnick.com with the subject
[SECURITY] <project> <brief description>, or open a private GitHub Security Advisory on the affected repository. - Include as much detail as possible (see below).
- You will receive an acknowledgement as soon as possible, and we will work on a fix or mitigation as promptly as the complexity allows.
If you do not receive a timely response, follow up by replying to the same thread.
- A clear description of the vulnerability and its potential impact.
- The affected component (module, function, or feature).
- Steps to reproduce: a minimal, self-contained script or test that demonstrates the issue.
- Expected versus actual behaviour.
- Environment: language runtime version, OS, and project version.
- Optional: a CVE or CWE reference, and a suggested fix or patch.