Supported Versions
We currently support the latest major release of pipetool. Older versions may not receive security updates or patches.
Reporting a Vulnerability
If you discover a security vulnerability, please do not open a public issue.
Instead, contact us directly:
- Email: security@yourdomain.org
- PGP Key: https://yourdomain.org/pgp.key (optional)
We aim to respond to all security reports within 5 business days. All disclosures will be handled confidentially and professionally.
Disclosure Process
- Vulnerability reported via email
- Maintainers investigate and validate the issue
- A patch is prepared and tested privately
- Coordinated disclosure timeline is agreed upon with reporter
- Advisory + patched release are published
Hall of Fame
We may credit contributors who report valid vulnerabilities in our release notes, changelogs, or SECURITY.md — with consent.
Thank you for helping make Runink safer for everyone!