Skip to content

Security Policy

Supported Versions

We prioritize security and stability in Coldtivate. Security fixes and bug patches are generally provided for the latest minor release. If a critical vulnerability is discovered, a patch may be released as soon as possible.

Reporting a Vulnerability

If you discover a security vulnerability in Coldtivate or any of its dependencies, please report it privately to protect users and allow the team time to address the issue responsibly.

How to report

  • Preferred Method: Use GitLab’s “Report a vulnerability” feature under the Security tab of the Coldtivate repository. This ensures direct and confidential communication with the maintainers. For details on the reporting process, visit this guide.

  • Alternative Method: You can also report vulnerabilities by emailing us at [email protected].

What to Expect

  • Our team will review your report and keep you updated throughout the resolution process.
  • We may request additional details or ask you to verify a fix in a private advisory branch.
  • Please do not disclose the vulnerability publicly until we coordinate an official release.

We aim to follow a 90-day disclosure policy and will credit you publicly for the discovery if you choose.