Security: QRun-IO/qqq

SECURITY.md

Security Policy

Supported Versions

QQQ follows semantic versioning and provides security updates for the following versions:

Version   Supported   End of Life
0.27.x                TBD
0.26.x                TBD
0.25.x                TBD
< 0.25                EOL

Note: We recommend using the latest stable version for security updates.

Reporting a Vulnerability

🚨 Security vulnerabilities should NEVER be reported publicly.

If you discover a security vulnerability in QQQ, please report it privately:

Email Security Reports

Send security reports to: security@kingsrook.com

What to Include

  • Description: Clear description of the vulnerability
  • Impact: Potential impact on users and systems
  • Reproduction: Steps to reproduce the issue
  • Environment: QQQ version, Java version, OS details
  • Timeline: If you need disclosure by a specific date

Response Timeline

  • Initial Response: Within 24 hours
  • Assessment: Within 3 business days
  • Update: Regular updates on progress
  • Resolution: As quickly as possible based on severity

What Happens Next

  1. Acknowledgment: We'll acknowledge receipt within 24 hours
  2. Investigation: Our security team will investigate the report
  3. Assessment: We'll assess the severity and impact
  4. Fix Development: Develop and test a security fix
  5. Release: Release a security update
  6. Disclosure: Public disclosure with credit (if requested)

Security Best Practices

For Users

  • Keep Updated: Always use the latest stable version
  • Monitor Releases: Watch for security advisories
  • Report Issues: Report any security concerns immediately
  • Follow Guidelines: Use QQQ according to security best practices

For Contributors

  • Security Review: All code changes undergo security review
  • Dependency Scanning: Regular vulnerability scanning of dependencies
  • Secure Development: Follow secure coding practices
  • Testing: Security testing is part of our development process

Security Features

QQQ includes several security features:

  • Input Validation: Comprehensive input validation and sanitization
  • Authentication: Secure authentication and authorization systems
  • Data Protection: Encryption for sensitive data
  • Audit Logging: Comprehensive audit trails for security events
  • Secure Defaults: Secure-by-default configuration

Security Updates

Release Process

Security updates follow our standard Release Flow:

  1. Security Fix: Develop and test the security fix
  2. Release Branch: Create a release branch for the security update
  3. Testing: Thorough testing of the security fix
  4. Release: Release the security update to users
  5. Communication: Notify users of the security update

Update Notifications

  • GitHub Releases: Security updates announced in release notes
  • Security Advisories: GitHub security advisories for critical issues
  • Email Notifications: Direct notifications for critical vulnerabilities

Contact Information


Thank you for helping keep QQQ secure! 🛡️