We take security seriously. The following versions of Sonora are currently supported with security updates:
| Version | Supported |
|---|---|
| 1.2.x | ✅ |
| 1.0.x | ✅ |
| < 1.0 | ❌ |
If you discover a security vulnerability in Sonora, please report it to us as follows:
Do not create a public GitHub issue for security vulnerabilities.
Instead, please email the lead developer directly:
- Email: ramkrishna@code-xon.fun
- Subject: [SECURITY] Sonora Vulnerability Report
Include the following information in your report:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Potential impact and severity
- Any suggested fixes or mitigations
- Your contact information for follow-up
- Acknowledgment: We will acknowledge receipt of your report within 48 hours
- Investigation: We will investigate the issue and determine its validity
- Fix Development: If valid, we will develop and test a fix
- Disclosure: We will coordinate disclosure with you
- Release: We will release the fix and security advisory
We kindly ask that you:
- Give us reasonable time to fix the issue before public disclosure
- Avoid accessing or modifying user data
- Do not perform DoS attacks or degrade services
- Respect the privacy and security of our users
We appreciate security researchers who help keep Sonora safe. With your permission, we will acknowledge your contribution in our security advisory.
For any security-related questions:
- Email: ramkrishna@code-xon.fun
- Lead Developer: Ramkrishna