Skip to content

Security: kwilteam/kwil-db

Security

SECURITY.md

Security Policy

Supported Versions

Version Supported
Latest beta or release candidate
v0.9.x
v0.8.x
< v0.9

Reporting a Vulnerability

If you discover a security issue in this project, please DO NOT open an issue or publicly disclose the vulnerability.

There are two ways to privately report a security issue:

Your report will be acknowledged within 24 hours, and you’ll receive a more detailed response to your report within 48 hours indicating the next steps in handling your report.

Disclosure Policy

In the event that we learn of a critical security vulnerability, we reserve the right to silently fix it without immediately disclosing the existence of the vulnerability.

In such a scenario, we will:

  1. Silently fix the vulnerability in a new release.

  2. Notify all users of the affected versions that they should upgrade to the new release.

  3. After a reasonable period of time, we will publicly disclose the vulnerability, along with credit to the reporter (with their permission).

This policy is based on the Geth team's silent patch policy.

There aren’t any published security advisories