(Or: How We Keep Our Little Framework from Getting into Trouble)

At Ushka, we take security seriously. While we strive to be as cute and minimalist as possible, that doesn't mean we compromise on keeping our little framework safe for everyone who uses it. If you believe you've found a vulnerability, we appreciate your help in disclosing it responsibly.

If you've discovered a security vulnerability in Ushka, please do not open a public issue. We kindly request that you report it to us privately first.

Here's how to report:

• Email Us: Send a detailed report to kleber.code@gmail.com.
• Be Specific: In your report, please include:
  • A clear description of the vulnerability.
  • Steps to reproduce the vulnerability (this is super helpful!).
  • Any potential impact or exploit scenarios.
  • The version of Ushka you've identified the vulnerability in.
  • Any suggested mitigations (if you have them!).

We aim to acknowledge your report within 2 business days and provide an initial assessment. Our team will work diligently to investigate and address the vulnerability as quickly as possible. We appreciate your patience as we fix things up!

We kindly ask that you:

• Do not disclose the vulnerability publicly until we have had a reasonable amount of time to address it.
• Avoid accessing or modifying data that doesn't belong to you.
• Do not engage in denial-of-service attacks or other disruptive activities.

When you report a security issue to us in good faith, we commit to:

• Responding to your report promptly.
• Keeping you informed about the progress of the fix.
• Giving you credit for responsible disclosure (if you wish).

Thank you for helping us keep Ushka safe and sound for everyone! Your vigilance makes our community stronger. 💖