We take the security of desktop-clock-widget seriously. We appreciate your efforts to responsibly disclose any security vulnerabilities you may find.
Please DO NOT open a public GitHub issue for security vulnerabilities. Instead, please report them to us privately via email at:
- A clear and concise description of the vulnerability.
- Steps to reproduce the vulnerability (including configuration, relevant code snippets, and expected vs. actual behavior).
- The potential impact of the vulnerability.
- Which version(s) of
desktop-clock-widgetare affected. - Any proof-of-concept (PoC) code or screenshots that demonstrate the vulnerability.
- We will acknowledge receipt of your report within [e.g., 2 business days].
- We will investigate the reported vulnerability thoroughly.
- We will keep you informed of our progress in addressing the vulnerability.
- Once a fix is available, we will notify you and coordinate a responsible disclosure timeline.
The following versions of desktop-clock-widget are currently supported for security updates:
- [e.g., Version 1.x.x (latest stable release)] - Actively maintained
- [e.g., Version 1.0.0 (previous stable release, might receive critical updates)] - Limited support
We encourage users to always use the latest stable version of desktop-clock-widget to ensure they have the most recent security fixes and features.
We kindly request that you give us a reasonable amount of time to address the reported vulnerability before publicly disclosing it. Public disclosure without prior coordination can put users at risk.
We believe in collaborating with security researchers and will strive to work with you through the entire process. We will typically aim to fix and disclose vulnerabilities within [e.g., 90 days] of the initial report, or sooner for critical issues.
We appreciate your cooperation in making desktop-clock-widget a more secure application for everyone.