Currently, all versions of the project are supported with security updates.

To report a vulnerability please email [email protected] with the subject "Shapes Project Vulnerability Report". Include in the email:

• Screenshots of the inputs or names of the code files (with line numbers if known) involved with the vulnerability.
• A detailed description of the vulnerability.
• Any suggestions of how to fix the vulnerability.
• Which version of the project you are using

Expect to receive a response within 3 to 5 business days with an update regarding the acceptance of the vulnerability as an issue to be added to the project. If your vulnerability is declined, an explanation will be provided.

If an internal user or contributor to the project is found to be editing the code or running the code with malicious intent, please report them immediately by following the instructions in the "Reporting a Vulnerability" section.

If the codebase has been compromised by an internal actor plan the repository will be made private and locked down to prevent further editing. A backup of the codebase will restore the project once the internal actor has been identified, reported, and restricted from accessing the project. An emergency notification will be sent to all users to avoid running the code to prevent compromising accounts or devices.

Security updates for this project will continue for the duration of the existence of this repository. Each security update sprint will last 2-3 weeks and include at least two new security items detailed in "UPDATES.md". Please refer to the "Reporting a Vulnerability" section for any security suggestions for the project.