json-as/SECURITY.md

The only JSON library you'll need for AssemblyScript. SIMD enabled

# Security Policy

## Supported Versions

| Version | Supported          |
| ------- | ------------------ |
| 1.x.x   | Active Development |
| 0.9.x   | Maintainence       |
| <=0.8.x | Unsupported        |

## Reporting a Vulnerability

If you believe you have discovered a security vulnerability in this project, please report it as soon as possible. Follow the steps below to report a vulnerability:

1. **Report via GitHub Issues**: Please submit your vulnerability report via the [GitHub Issues](https://github.com/JairusSW/json-as/issues) page. If you prefer, you can also send an email directly to [me@jairus.dev](mailto:me@jairus.dev).

2. **Provide Details**: Include as much detail as possible, including the steps to reproduce, what you believe the impact is, and any suggested remediation if applicable.

3. **Acknowledgment**: Once your report is received, we will acknowledge it within 48 hours. You will then receive an update on the progress of the investigation and a timeline for a potential fix.

4. **Resolution Timeline**:

   - Critical vulnerabilities will be prioritized, and we aim to issue a patch within 7 business days.
   - Non-critical vulnerabilities will be evaluated and addressed in the next stable release.
   - If the vulnerability is accepted, a fix will be issued, and a security advisory will be published.
   - If the vulnerability is declined, you will be notified of the decision with an explanation.

5. **Confidentiality**: Please do not disclose the vulnerability to the public or other parties until the issue has been addressed. This helps ensure that users of the project are not at risk before a patch is available.

6. **Credits**: If your report leads to a fix, we will credit your contribution in the release notes, if you are comfortable with that.

Thank you for helping us keep this project secure!