Security Policy

Supported Versions

| Version | Supported | |---------|--------------------| | 1.0.x | :white_check_mark: |

Reporting a Vulnerability

If there are any vulnerabilities discovered within Clock, please do not hesitate to _report them_.

To report a security issue, please use the GitHub Security Advisory "Report a Vulnerability" tab. If you have a fix for the issue, that is most welcome -- please attach or summarize it in your message!

I will evaluate the vulnerability and, if necessary, release a fix or mitigating steps to address it. I will contact you to let you know the outcome, and will credit you in the report.

Please do not disclose the vulnerability publicly until a fix is released!

Once either a) a fix has been published, or b) I have declined to address the vulnerability for whatever reason, you are free to publicly disclose it.

Tidelift subscribers

If you're a Tidelift subscriber, please use this route instead:

To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.