If you discover a security vulnerability in any CentralPing project, please report it responsibly through GitHub's private vulnerability reporting:
- Navigate to the affected repository on GitHub.
- Go to the Security tab.
- Click Report a vulnerability.
- Fill in the details and submit.
Alternatively, you can email [email protected].
Please do not open a public issue for security vulnerabilities.
- Acknowledgment: Within 48 hours of receiving your report.
- Assessment: Within 7 days we will confirm the vulnerability and its impact.
- Fix: We aim to release a patch within 30 days of confirmation.
| Project | Supported Versions |
|---|---|
| ergo | Latest minor |
| ergo-router | Latest minor |
| json-api-query | Latest minor |
Only the latest minor release of each project receives security updates.
We follow coordinated disclosure. Once a fix is released, we will publish a GitHub Security Advisory with full details.