Onetime Secret
Security Policy
We take the security of this project seriously and appreciate your efforts to responsibly disclose vulnerabilities. This document outlines our security policy and provides guidelines on how to report vulnerabilities.
Supported Versions
We provide security updates for the following versions of our project:
| Version | Supported |
|---|---|
| 0.22.x+ | ✅ |
| 0.21.x | ✅ |
| < 0.20.x | ❌ |
If you are using an unsupported version, we strongly recommend upgrading to one of the supported versions to ensure you receive the latest security updates.
Reporting a Vulnerability
If you discover a security vulnerability within this project, we encourage you to report it as soon as possible.
How to Report
- Email: Send an email to security@onetimesecret.com with the subject line "Vulnerability Report: [Brief Description]".
- Details: Include as much information as possible about the vulnerability:
  - A detailed description of the vulnerability.
  - Steps to reproduce the issue.
  - Any potential impact.
  - Your contact information for follow-up.
What to Expect
- Acknowledgment: You will receive an acknowledgment within 5 business days.
- Initial Assessment: We'll conduct an initial assessment within 14 business days.
- Updates: You will receive status updates at least once every 7 days until the issue is resolved or a decision is made.
Resolution Process
- Accepted Vulnerabilities: We'll fix and notify you once the fix is deployed.
- Declined Vulnerabilities: We'll provide a detailed explanation if the vulnerability is not accepted.
Confidentiality
We take your privacy seriously. Reports will be kept confidential, and we will coordinate disclosure after a fix is in place.
Thank you for helping us keep Onetime Secret secure and excellent!