We currently support the following versions with security updates:

| Version | Supported |
|---------|-----------|
| 1.x.x   | ✅        |
| < 1.0.0 | ❌        |

We use Dependabot to automatically monitor and update our dependencies:

- Weekly dependency updates
- Automatic security vulnerability scanning
- Pull requests for dependency updates
- Manual review of all dependency changes
- Automatic assignment to the security team for review

We take the security of our library seriously. If you believe you have found a security vulnerability, please follow these steps:

- Do not disclose the vulnerability publicly
- Email our security team at security@kopexa.com with:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Any suggested fixes (if available)
- You will receive an acknowledgment within 48 hours
- We will investigate and keep you updated on our progress
- We will work with you to validate and address the vulnerability
- Once fixed, we will:
  - Credit you in the security advisory (unless you prefer to remain anonymous)
  - Release a patch as soon as possible
  - Update the CHANGELOG.md

When using this library, we recommend:

- Always use the latest stable version
- Regularly update dependencies
- Follow Go security best practices
- Use security scanning tools in your CI/CD pipeline
- Implement proper input validation
- Use secure configuration management

Security updates will be released as patch versions (e.g., 1.0.1) and will be clearly marked in the CHANGELOG.md. We recommend implementing a process to regularly check for and apply these updates.