The following versions of Career Pilot are currently supported with security updates:

| Version | Supported |
|---|---|
| main | ✅ Yes |

If you discover a security vulnerability in Career Pilot, please do not open a public issue.
Instead, report it responsibly by:
- 📧 Reaching out to the maintainer directly via their GitHub profile.
- 💬 Sending a private message through GitHub's messaging or social links listed in the profile.
To help us investigate and resolve the issue efficiently, please include:
- A clear description of the vulnerability.
- Steps to reproduce the issue.
- Expected and actual behavior.
- Potential impact assessment.
- Any relevant screenshots, logs, or proof-of-concept examples.
- Any suggested fix (optional but appreciated).

| Action | Timeframe |
|---|---|
| Acknowledgement of report | Within 48 hours |
| Status update | Within 7 days |
| Patch / fix release | Within 30 days |

Once a vulnerability report is received, the following process will generally be followed:
- The report will be reviewed and acknowledged.
- The issue will be validated and its impact assessed.
- A fix or mitigation strategy will be developed.
- The reporter may be contacted for additional information if needed.
- Security updates will be released once the issue has been addressed.
Please note that resolution timelines may vary depending on the complexity and severity of the reported issue.
For significant security issues, the project may use GitHub Security Advisories or release notes to communicate important security-related updates and fixes to users.
Users are encouraged to keep their local copies updated to receive the latest security improvements.
To help us investigate vulnerabilities efficiently:
- Provide detailed and accurate information.
- Include reproducible steps whenever possible.
- Share supporting evidence such as logs or screenshots.
- Clearly describe the potential impact of the issue.
- Avoid publicly disclosing the vulnerability before it has been addressed.
Providing complete information helps reduce investigation time and improves the response process.
We follow a responsible disclosure process and kindly request that security researchers:
- Report vulnerabilities privately through the channels described above.
- Allow reasonable time for investigation and remediation before public disclosure.
- Refrain from actions that could compromise user data, privacy, or service availability.
- Cooperate with maintainers during the validation and remediation process when additional information is required.
We deeply appreciate security researchers and contributors who help keep Career Pilot safe and secure. 🙏
- Career Pilot Repository: https://github.com/anurag3407/career-pilot
- GitHub Security Advisories: https://docs.github.com/en/code-security/security-advisories
- Adding a Security Policy to your repository: https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository