We release patches for security vulnerabilities for the following versions:

If you discover a security vulnerability within request-client, please send an email to anitrendapp@gmail.com. All security vulnerabilities will be promptly addressed.

Please include the following information:

• Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting, etc.)
• Full paths of source file(s) related to the manifestation of the issue
• The location of the affected source code (tag/branch/commit or direct URL)
• Any special configuration required to reproduce the issue
• Step-by-step instructions to reproduce the issue
• Proof-of-concept or exploit code (if possible)
• Impact of the issue, including how an attacker might exploit the issue

• We will acknowledge your email within 48 hours
• We will provide a more detailed response within 7 days
• We will notify you when the issue is fixed

• We request that you do not publicly disclose the vulnerability until we have addressed it
• We will credit you in the release notes (unless you prefer to remain anonymous)

1. The security issue is received and assigned to a primary handler
2. The problem is confirmed and a list of affected versions is determined
3. Code is audited to find any similar problems
4. Fixes are prepared for all supported releases
5. New versions are released and announced

Thank you for helping keep request-client and its users safe!