| Version | Supported |
|---|---|
| 0.1.x | ✅ |

If you discover a security vulnerability in cq, please report it responsibly:
- Do not open a public GitHub issue for security vulnerabilities
- Email the maintainer directly at grishminkarki7@gmail.com
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)
- Acknowledgment: Within 48 hours
- Initial assessment: Within 1 week
- Fix timeline: Depends on severity, typically 1-4 weeks

This policy applies to:
- The `cq` CLI tool
- Dependencies directly controlled by this project

For vulnerabilities in third-party dependencies (like CML), please report to the respective maintainers.

Security researchers who responsibly disclose vulnerabilities will be acknowledged in the release notes (unless they prefer to remain anonymous).