Only the latest released version of barangay receives security updates. Older versions are considered end-of-life and will not be patched.

| Version | Supported |
|---|---|
| Latest | ✅ |

If you discover a security vulnerability in this project, please report it responsibly.
- Do not open a public GitHub issue for security vulnerabilities.
- Send an email to manuelb@hawitsu.xyz with the subject line `[barangay SECURITY]` followed by a brief description.
- Include as much detail as possible: steps to reproduce, affected component, potential impact, and any proposed fix if available.
- You can expect an acknowledgment within 3 business days, and a follow-up with a resolution timeline or questions within 7 business days.
- Known vulnerabilities in dependencies that affect barangay
- Code execution vulnerabilities (e.g., injection, deserialization issues)
- Data integrity issues (e.g., tampered PSGC data sources)
- Any other security concerns you believe the maintainers should be aware of
- Vulnerabilities will be disclosed publicly only after a fix has been released.
- Credit will be given to the reporter (unless anonymity is requested).
- We follow Coordinated Vulnerability Disclosure practices.