| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| < 1.0 | ❌ |

Do not report security vulnerabilities through public GitHub issues.
Email security reports to the maintainer directly. You can find contact info on the RubyGems page.
Please include:
- Type of vulnerability
- Steps to reproduce
- Impact assessment
- Proof-of-concept (if possible)

Response timeline:
- Acknowledgment: within 48 hours
- Assessment: within 7 days
- Fix and disclosure: coordinated with reporter

Security best practices:
- Always use HTTPS in production
- Set appropriate session expiry times
- Keep the gem updated
- Use environment variables for secrets