Security: nold-ai/specfact-cli

Security Policy

Supported Versions

We currently support the following versions of SpecFact CLI with security updates:

Version Supported
0.1.x

Reporting a Vulnerability

We take the security of SpecFact CLI seriously. If you believe you've found a security vulnerability, please follow these guidelines for responsible disclosure:

How to Report

Please DO NOT report security vulnerabilities through public GitHub issues.

Instead, please report them via email to:

Please include the following information in your report:

  1. Description of the vulnerability
  2. Steps to reproduce the issue
  3. Potential impact of the vulnerability
  4. Any suggested mitigations (if available)

What to Expect

After you report a vulnerability:

  • You'll receive acknowledgment of your report within 48 hours.
  • We'll provide an initial assessment of the report within 5 business days.
  • We aim to validate and respond to reports as quickly as possible, typically within 10 business days.
  • We'll keep you informed about our progress addressing the issue.

Disclosure Policy

  • Please give us a reasonable time to address the issue before any public disclosure.
  • We will coordinate with you to ensure that a fix is available before any disclosure.
  • We will acknowledge your contribution in our release notes (unless you prefer to remain anonymous).

Security Best Practices

When using SpecFact CLI in your environment:

  • Keep your installation updated with the latest releases.
  • Restrict access to the server and its API endpoints.
  • Use strong authentication mechanisms when exposing the service.
  • Implement proper input validation for all data sent to the service.
  • Monitor logs for unexpected access patterns.

Thank you for helping keep SpecFact CLI and our users secure!

There aren’t any published security advisories