
Security: npupko/hibi

SECURITY.md

Security Policy

Supported Versions

Hibi is pre-1.0 and under active development. Security fixes land on the latest 0.x release line; older 0.x releases do not receive backported patches. Always upgrade to the most recent release before reporting an issue.

Version    | Supported
latest 0.x | Yes
older 0.x  | No

Reporting a Vulnerability

Please do not open a public GitHub issue for security vulnerabilities.

Report vulnerabilities privately through GitHub's Private Vulnerability Reporting: go to the repository's Security tab and click "Report a vulnerability", or use this direct link:

➡️ https://github.com/npupko/hibi/security/advisories/new

This keeps the report confidential between you and the maintainer until a fix is available and a coordinated disclosure can be arranged.

If you can't use GitHub's private reporting for any reason, email the maintainer directly at lazynick7@gmail.com.

When reporting, please include as much of the following as you can:

  • a description of the vulnerability and its impact;
  • steps to reproduce, or a proof of concept;
  • the affected version or commit;
  • any suggested remediation.

Response Expectations

Hibi is maintained by a single person on a best-effort basis. You can expect an initial acknowledgement within a few days, though response times may vary. Valid issues will be investigated and patched on the latest 0.x line as quickly as is practical, and we'll coordinate disclosure timing with you.

Thank you for helping keep Hibi and its users safe.
