If you discover a security vulnerability in any HenshinLabs project, please report it responsibly.
Do not open a public issue. Instead, send an email to ahelipoddar2003@gmail.com with:
- A description of the vulnerability
- Steps to reproduce the issue
- The potential impact
- Any suggested fixes (if applicable)

We will acknowledge your report within 48 hours and provide a timeline for a fix.
This policy applies to all repositories under the HenshinLabs organization.
| Version | Supported |
|---|---|
| Latest release | Yes |
| Older releases | Best effort |

We generally only provide security fixes for the latest release of each project.
- Acknowledgment within 48 hours of your report
- Assessment of the vulnerability's severity and impact
- Fix development — timeline depends on complexity
- Release of a patched version
- Credit in the release notes (unless you prefer to remain anonymous)
- We request a 90-day disclosure window from the time of confirmation
- We will coordinate with you on public disclosure timing
- We will credit reporters in security advisories unless anonymity is requested

When contributing to HenshinLabs projects:
- Never commit secrets, API keys, or credentials
- Use environment variables for sensitive configuration
- Validate and sanitize all user inputs
- Follow the principle of least privilege
- Keep dependencies up to date
- Review code for common vulnerability patterns (injection, path traversal, etc.)