This software should currently be considered beta quality software! Use at your own risk.
If you discover a security vulnerability, please report it to:
While we do not currently participate in any bug bounty programs, we promise to acknowledge the email within 21 days and respond within 30 days of the disclosure of the potential vulnerability with it's legitimicy.
We ask that you refrain from public disclosure until either of the following conditions are met:
-
We respond, indicating that the vulnerability has been resolved in the latest release
-
45 days have passed since the initial report, OR, 14 days have passed since our last email communication about the vulnerability, whichever is less.
Changes made to this security policy will take effect no sooner than 50 days after publication on the master branch of https://github.com/zbeekman/EditorConfig-Action.