Only the latest version of Codra is currently supported with security updates. If you discover a vulnerability, please ensure you are running the latest version before reporting.
| Version | Supported |
|---|---|
| >=0.9.x | ✅ |
| < 0.9.0 | ❌ |
We take the security of Codra seriously. If you believe you have found a security vulnerability, please do not open a public issue. Instead, please report it via one of the following methods:
- Email: Send a detailed report to me@devarshi.dev.
- GitHub Private Reporting: Use the "Report a vulnerability" feature on GitHub if available.
- A description of the vulnerability.
- Steps to reproduce the issue.
- Potential impact of the vulnerability.
- Any suggested fixes or mitigations.
We will acknowledge your report within 48 hours and provide a timeline for a fix if the vulnerability is confirmed.
We follow a coordinated disclosure policy. We ask that you do not disclose the vulnerability publicly until we have had a chance to address it and release a fix. In return, we will give you credit for the discovery in our security advisories (unless you prefer to remain anonymous).