This policy applies only to the SocialShareButton repository.
| Version / Branch | Supported |
|---|---|
| main | ✅ Yes |
| Other branches | ❌ No |
Older versions may not receive security patches.
If you discover a security vulnerability, please do not open a public GitHub issue.
Instead, report it privately using GitHub’s built-in private vulnerability reporting feature:
https://github.com/AOSSIE-Org/SocialShareButton/security/advisories/new
Private reporting ensures the issue can be addressed responsibly without exposing users to unnecessary risk.
To help us investigate efficiently, please include:
- A clear description of the vulnerability
- Steps to reproduce the issue
- The potential impact and affected components
- Any proof-of-concept code, logs, or screenshots (if applicable)
- Suggested mitigation or fix (if known)
Providing detailed information helps us respond more quickly and effectively.
Once a vulnerability report is received, we will:
- Acknowledge receipt of the report within 48 hours.
- Investigate and validate the reported issue.
- Develop and test a fix if the vulnerability is confirmed.
- Coordinate responsible disclosure with the reporter before any public announcement.
- Promptly release a patch and notify the reporter.
We kindly ask reporters to avoid public disclosure until a fix has been released, allowing us to protect users effectively.
We appreciate responsible disclosure and thank you for helping keep SocialShareButton secure and reliable.
For general discussions or non-sensitive communication, you can also reach out through our official Discord server: https://discord.gg/hjUhu33uAn