Rhythmic Technologies takes security seriously. We hold ourselves to high standards for the security of our open source projects.
We provide security updates for the latest major version of each module. Older major versions may receive critical fixes at our discretion.

| Version | Supported |
|---|---|
| Latest | Yes |
| < Latest major | Best effort |

Do not open a public GitHub issue for security vulnerabilities.
Please report vulnerabilities by emailing security@rhythmictech.com with:
- A description of the vulnerability
- Steps to reproduce
- Affected versions
- Any potential mitigations you have identified

After we receive your report, you can expect the following from us:

- Acknowledgment: We will acknowledge receipt within 2 business days.
- Assessment: We will provide an initial assessment within 7 business days.
- Fix: We aim to release a fix within 30 days for critical issues.
- Disclosure: We follow a 90-day coordinated disclosure timeline. We will work with you on timing if the fix requires more time.

This policy applies to all repositories under the rhythmictech GitHub organization.
We appreciate the efforts of security researchers and will acknowledge contributors in release notes (with permission).