Security: contextvibes/cli

SECURITY.MD

Security Policy for Context Vibes Organization

The Context Vibes team and community take the security of our software seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.

Supported Versions

We generally provide security updates for the latest released version(s) of our active projects (e.g., the ContextVibes CLI). Please check the specific repository for details on its supported versions.

Version | Supported
Latest |
Older | ❌ (Generally No)

Reporting a Vulnerability

If you discover a security vulnerability in any Context Vibes organization project, please report it to us privately. Do NOT create a public GitHub issue for security vulnerabilities.

Please send an email to security@contextvibes.dev (Note: this is an example email address; please replace it with your actual security contact method) with the following details:

  • A clear description of the vulnerability.
  • The project and version(s) affected.
  • Steps to reproduce the vulnerability.
  • Any potential impact if exploited.
  • Your name or alias for acknowledgement (if desired).

We aim to acknowledge receipt of your vulnerability report within 48 hours and will work with you to understand and address the issue. We will coordinate public disclosure with you once a fix is available.

Alternatively, for specific repositories within the Context Vibes organization that have Private Vulnerability Reporting enabled via GitHub, please use that feature.

Disclosure Policy

When we receive a security bug report, we will assign it to a primary handler. This person will coordinate the fix and release process, involving the following steps:

  • Confirm the problem and determine the affected versions.
  • Audit code to find any similar problems.
  • Prepare fixes for all releases still under maintenance. These fixes will be applied to the main branch and any release branches.
  • Coordinate with you on a public disclosure date.

We appreciate your patience as we work to resolve security issues.

There aren’t any published security advisories