| Version | Supported |
|---|---|
| 1.x | ✅ |
| < 1.0 | ❌ |

We take the security of ControllerKitBundle seriously. If you believe you have found a security vulnerability, please report it privately:
- Email: hectorfranco@nowo.tech
- Do not open a public GitHub issue for security-sensitive bugs.

Please include:
- Type of issue (e.g., injection, XSS, auth bypass, deserialization risk)
- Affected file(s) and version/tag/commit
- Steps to reproduce
- Impact assessment
- PoC (if available)

Response timeline:
- Initial acknowledgment: within 48 hours
- Follow-up status: within 7 days
- Resolution: depends on complexity and impact

Disclosure process:
- We confirm receipt and validate the report.
- We prepare and publish a fix as soon as possible.
- We coordinate disclosure with the reporter.
- We credit responsible disclosure (unless anonymity is requested).

For technical details and the release security checklist, see docs/SECURITY.md.