We actively support the following versions of PHP Feed with security updates:

We take security seriously. If you discover a security vulnerability in PHP Feed, please report it responsibly.

Please DO NOT open a public GitHub issue for security vulnerabilities. Instead, please:

1. Email us directly at: [email protected]
2. Include the following information:
   • A clear description of the vulnerability
   • Steps to reproduce the issue
   • Potential impact of the vulnerability
   • Any suggested fixes (if you have them)

• Acknowledgment: We will acknowledge receipt of your report within 48 hours
• Investigation: We will investigate and assess the vulnerability within 5 business days
• Updates: We will keep you informed of our progress throughout the process
• Resolution: We aim to resolve security issues within 30 days
• Credit: With your permission, we will credit you in our security advisory

When using PHP Feed in your applications:

• Keep the package updated to the latest version
• Validate and sanitize all user input before passing to feed methods
• Use proper authentication and authorization for feed endpoints
• Consider rate limiting for public feed endpoints
• Regularly review your dependencies for security updates

• We will coordinate with you on the timing of any public disclosure
• We prefer to disclose vulnerabilities after a fix is available
• We will publish security advisories for significant vulnerabilities

Thank you for helping to keep PHP Feed secure!