The HTTP/1.2 project is at an early stage. Security should play a major role, so read the following considerations carefully.
The following table outlines the versions of the project currently supported with security updates:
| Version | Supported |
|---|---|
| 0.x | ❌ Unsupported |
We recommend always using the latest version of the project to ensure you receive the latest security updates and features.
To report a security vulnerability, please follow these steps:
- Email Security Contact: Send an email to security@webcodex.de with the subject line: `Security Vulnerability Report: http/1.2`.
  - Include a detailed description of the vulnerability.
  - Provide steps to reproduce the issue, if applicable.
  - If possible, include proof-of-concept code or examples.
- Response Timeline:
  - We will acknowledge your report within 48 hours.
  - After the initial review, we will provide an estimated timeline for resolution.
- Responsible Disclosure:
  - We kindly request that you do not publicly disclose the vulnerability until we have resolved the issue.
  - Acknowledgment of your report will be provided in the release notes of the fixed version, if desired.
To contribute securely to this project, we recommend the following:
- Code Reviews: All code contributions must undergo peer review to ensure they adhere to secure coding practices.
- Secure Data Handling: Avoid including sensitive information (e.g., credentials, tokens) in the codebase.
- Dependency Updates: Regularly update dependencies to their latest secure versions.
For more information on reporting vulnerabilities, visit:
- GitHub Security Advisories
- OWASP Top 10 Security Risks
Thank you for helping us ensure the security of this project!