34 lines
1.1 KiB
Markdown
34 lines
1.1 KiB
Markdown
# Security Policy
|
|
|
|
## Supported Versions
|
|
|
|
Only the latest release on the `v1.14.x` line receives security fixes.
|
|
|
|
| Version | Supported |
|
|
| -------- | ------------------ |
|
|
| 1.14.x | :white_check_mark: |
|
|
| < 1.14 | :x: |
|
|
|
|
## Scope
|
|
|
|
`go-sqlite3` is a CGo binding that bundles the SQLite amalgamation
|
|
(`sqlite3-binding.c` / `sqlite3-binding.h`). Please report issues to the
|
|
appropriate project:
|
|
|
|
- Bugs in the Go binding layer, CGo glue, build tags, or this repository's
|
|
own code: report here.
|
|
- Vulnerabilities in SQLite itself: please report them upstream to the
|
|
SQLite developers at <https://www.sqlite.org/>. Once a fix is released
|
|
upstream, this repository will update the bundled amalgamation.
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
Please **do not** open a public GitHub issue for security problems.
|
|
|
|
Use GitHub's private vulnerability reporting:
|
|
<https://github.com/mattn/go-sqlite3/security/advisories/new>
|
|
|
|
This project is maintained on a best-effort basis by volunteers, so please
|
|
allow reasonable time for investigation and a fix before any public
|
|
d
|