We prioritize security for the two most recent major releases of tydids-validation. Security vulnerabilities in older versions may not be promptly addressed. For best security practices, we recommend using the latest supported version.
This project utilizes Dependabot for automated dependency scanning. Dependabot identifies potential vulnerabilities in dependencies and creates pull requests to update them.
We encourage responsible disclosure of security vulnerabilities. If you discover a security vulnerability, please report it responsibly by:
Creating an issue: Open an issue on the project's GitHub repository https://github.com/energychain/tydids-validation/ with the details of the vulnerability.
Marking the issue as private: Choose the "Private" option when creating the issue to keep the vulnerability details confidential until a fix is released.
Providing details: In the issue description, include a clear description of the vulnerability, steps to reproduce it (if possible), and any potential impact.

Pull Requests:
We welcome pull requests that contribute to the security of the project. All pull requests will be reviewed by the repository maintainer(s) before being merged.
For further questions or concerns regarding project security, please don't hesitate to contact the project maintainers through the GitHub repository.
This Security Policy may be updated from time to time. We encourage you to periodically review this document for any changes.