Security: TheDanniCraft/activity-log

SECURITY.md

🛡️ Security Policy

📑 Supported Versions

Supported versions use the format TheDanniCraft/activity-log@<version>.
For example: TheDanniCraft/activity-log@v1.

The following versions are supported with security updates:

Version   Supported
v1        Yes

🔒 Reporting a Vulnerability

If you discover a security vulnerability, please report it to us.
We take all security vulnerabilities seriously and will address them promptly.

📬 How to Report

  1. GitHub Security Advisories
    Report the vulnerability via our GitHub Security Advisories page.

  2. Details
    Include as much information as possible about the vulnerability. This should include:

    • Steps to reproduce the vulnerability
    • Potential impact of the vulnerability
    • Any possible fixes or workarounds

🤖 Use of AI in Security Reports

We allow the responsible use of AI tools for assisting in security research and reporting.
AI can help identify potential vulnerabilities or assist in writing clear and structured reports.
However, all findings must be manually verified before submission, and you remain fully responsible for the accuracy of the report.

✅ Allowed if:

  • AI is used to assist with analysis, improve report clarity, or help structure findings.
  • You manually verify that the vulnerability exists and reproduce it yourself.
  • You review and confirm all AI-generated information before submission.
  • The report remains accurate, detailed, and follows the required template.

❌ Not allowed if:

  • The report is AI-generated without manual verification.
  • The report includes fabricated or untested vulnerabilities.
  • You attempt to mass-submit spam or low-quality AI-generated reports.
  • You use AI to submit vulnerabilities automatically or without human review.

⚠️ Responsibility and Enforcement

You are fully responsible for any AI-assisted security report you submit.
If you submit spam, false, or unverified AI-generated reports,
the maintainers reserve the right to close your reports as invalid and to block you from reporting vulnerabilities or contributing further.

Examples include, but are not limited to:

  • Submitting multiple false or AI-generated security reports without manual review.
  • Copying or auto-generating reports from unrelated projects.
  • Failing to verify claims before submitting them.
  • Attempting to game GitHub’s Security Advisory Program for recognition or credit.

⏳ Response Process

  • We will acknowledge your report within 48 hours.
  • We will investigate the issue and provide an initial response within 5 business days.
  • We aim to provide a fix within 30 days, depending on severity and complexity.

📣 Public Disclosure

We will publish a summary of the vulnerability and its resolution once the fix has been deployed.
If you prefer, we will credit you with the discovery of the vulnerability.

🧰 Our Security Measures

To ensure the security of the activity-log project, we use the following tools and practices:

  • 🤖 Depfu updates dependencies automatically.
  • 🛡️ Dependabot alerts us to potential security vulnerabilities in dependencies.
  • 🔎 GitHub Code Scanning identifies potential security issues in our codebase.
  • 🔑 GitHub Secret Scanning detects and alerts us to exposed secrets in the repository.

📚 Resources

For further queries or concerns, please contact us via email.
Thank you for helping us keep our application secure! ❤️