Skip to content

Security: spotship/rustyroute

SECURITY.md

Security Policy

Supported versions

rustyroute has not yet published a release. Until the first tagged release, only the default branch (main) is in scope for security review.

Version Supported
Unreleased main Yes
Tagged releases Not yet available

Reporting a vulnerability

Do not open a public GitHub issue for suspected vulnerabilities.

Preferred path:

  1. Use GitHub Private Vulnerability Reporting on this repository, if enabled.
  2. Otherwise, email security@spot-ship.com with the subject prefix [rustyroute security].

Please include:

  • Affected commit, tag, or branch.
  • A minimal reproduction (steps, input data, expected vs. actual behaviour).
  • Your assessment of the impact.
  • Any suggested mitigation or patch.

Disclosure window

  • Acknowledgement: within 5 business days of receipt.
  • Initial assessment: within 15 business days of receipt.
  • Fix availability and coordinated disclosure: depends on severity, exploitability, and release readiness. We will keep reporters informed throughout.

We follow responsible disclosure practice and credit reporters in release notes unless asked to remain anonymous.

There aren't any published security advisories