We're currently supporting the following versions of Kado with security updates:
| Version | Supported |
|---|---|
| 1.0.0 | ✅ |
| < 1.0 | ❌ |
Hey there! We (that's just the two of us - Janpreet Singh and Rachel Kaur) take Kado's security seriously. If you've found a security vulnerability, we'd really appreciate you letting us know.
-
Please don't report security vulnerabilities through public GitHub issues.
-
Instead, send us an email at [[email protected]]. We promise to read it promptly!
-
In your email, please include:
- What kind of issue it is (like a bug that could be exploited)
- Where in the code you found it
- How we can reproduce the issue
- If possible, how someone might try to take advantage of it
-
We'll do our best to respond as soon as possible. We might need to ask you some follow-up questions.
- We'll confirm we got your email.
- We'll let you know our plan for addressing the issue.
- We'll keep you updated on our progress.
- Your name and details are safe with us - we won't share them without your okay.
We're a small team and don't have any bug bounty program. But we're incredibly grateful for your help in making Kado more secure. If you find something significant, we'd be happy to credit you in our release notes (unless you prefer to remain anonymous).
To keep things simple (remember, it's just the two of us!), we'd appreciate if all communications could be in English.
- We'll work on fixing the issue as quickly as we can.
- We ask that you give us a reasonable amount of time to address the issue before you tell others.
- Please be mindful of user privacy and data during your research.
- If you need to interact with any accounts for testing, please only use accounts you own or have explicit permission to access.
Thank you so much for helping us keep Kado and its users safe! We truly appreciate your effort and diligence.
Cheers, Janpreet Singh and Rachel Kaur