The following versions of Conductor are currently being supported with security updates:
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |
We take the security of Conductor seriously. If you believe you have found a security vulnerability, please report it to us responsibly.
Please do not report security vulnerabilities via public GitHub issues.
Instead, please use the following method:
GitHub Private Vulnerability Reporting: Use the "Report a vulnerability" button on the Security tab of this repository.
To help us address the issue quickly, please include:
- A descriptive title.
- A summary of the vulnerability.
- Steps to reproduce the issue (including any exploit code if applicable).
- Potential impact of the vulnerability.
- Any suggested fixes or mitigations.
When a security report is received, we will:
- Acknowledge receipt of the report within 48 hours.
- Investigate the issue and determine its severity and impact.
- Work on a fix and validate it.
- Release a new version with the fix and provide a security advisory.
We ask that you follow responsible disclosure practices and allow us a reasonable amount of time to address the issue before making any information public.