Security fixes are applied to the default branch and released tags of this repository. Older tags may not receive backports unless agreed with maintainers.

| Area | Supported |
|---|---|
| Latest/main | ✅ |
| Unmaintained tags | ❌ (upgrade) |

Do not open a public issue for an undisclosed security vulnerability.
Please use GitHub private vulnerability reporting.
Include:
- Description, impact, and affected components (CLI flags, file I/O, dependency on godan (github.com/marcuwynu23/godan/lib), etc.)
- Steps to reproduce and proof-of-concept if safe to share
- Version or commit hash
- Acknowledgment: within 48 hours when possible
- Fix & disclosure: coordinated after a patch is ready
This policy covers the dan-cli repository (command-line tool, build scripts, and bundled examples). Parser/encoder logic lives in the godan module (godan repository); if the issue is purely in the library, maintainers may move the advisory to the correct repo.
Good-faith research under this policy (minimal access, no user harm, responsible disclosure) is treated as authorized.
Thank you for responsible disclosure.