The maintainers of the @ericcornelissen/eslint-plugin-top project take
security issues seriously. We appreciate your efforts to responsibly disclose
your findings. Due to the non-funded and open-source nature of the project, we
take a best-efforts approach when it comes to engaging with security reports.
This document should be considered expired after 2024-11-05. If you are reading this after that date you should try to find an up-to-date version in the official source repository.
The table below shows which versions of the project are currently supported with security updates.
| Version | End-of-life |
|---|---|
| 3.x.x | - |
| 2.x.x | 2024-03-26 |
| 1.x.x | 2023-09-01 |
| 0.x.x | 2023-05-26 |
This table only includes information on versions <4.0.0.
To report a security issue in the latest version of a supported version range, either (in order of preference):
- Report it through GitHub, or
- Send an email to security@ericcornelissen.dev with the terms "SECURITY" and "eslint-plugin-top" in the subject line.
Please do not open a regular issue or Pull Request in the public repository.
To report a security issue in an unsupported version of the project, or if the latest version of a supported version range isn't affected, please report it publicly. For example, as a regular issue in the public repository. If in doubt, report the issue privately.
Try to include as many of the following items as possible in a security report:
- An explanation of the issue
- A proof of concept exploit
- A suggested severity
- Relevant CWE identifiers
- The latest affected version
- The earliest affected version
- A suggested patch
- An automated regression test
Note
Advisories will be created only for vulnerabilities present in released versions of the project.
| ID | Date | Affected versions | Patched versions |
|---|---|---|---|
| - | - | - | - |
This table is ordered most to least recent.
We would like to publicly thank the following reporters:
- None yet