The security of the Temperature Converter Console App and its users is a top priority. We take all security vulnerabilities seriously and are committed to addressing them promptly and transparently.
- Supported Versions
- Reporting Security Vulnerabilities
- Security Best Practices
- Known Security Considerations
- Security Update Process
- Disclosure Policy
- Security Resources
| Version | Supported | Status |
|---|---|---|
| 1.2.x | ✅ Supported | Active development |
| 1.1.x | ✅ Security Only | Maintenance mode |
| 1.0.x | ❌ Not Supported | End of Life |
| < 1.0 | ❌ Not Supported | Legacy versions |
- 1.2.x: Full support including features and security updates
- 1.1.x: Security updates only for 6 months after 1.2 release
- Legacy: No further updates or support
If you discover a vulnerability, please report it responsibly.
DO NOT use GitHub issues for reporting security vulnerabilities.
- Maintainer: Mostafa Said
- Description of the issue
- Steps to reproduce
- Affected versions
- Severity and impact
- Proof of concept (optional but helpful)
- Download only from the official GitHub repo
- Use latest supported version
- Don’t enter sensitive data
- Run in a secure environment
- Validate and sanitize input
- Implement safe exception handling
- Perform code reviews
- Use static code analysis tools
- Console-only app
- No networking or data storage
- Safe math-based logic
- Edge case inputs
- Risk if file I/O is added later
- Review vulnerability
- Develop & test fix
- Perform security review
- Release with changelog
- Optional coordinated disclosure
| Severity | Response Time | Fix Deadline | Example |
|---|---|---|---|
| Critical | < 24 hrs | < 7 days | Remote code execution |
| High | < 48 hrs | < 14 days | Privilege escalation |
| Medium | < 7 days | < 30 days | Information disclosure |
| Low | < 14 days | < 90 days | Minor bugs, non-sensitive issues |
- We follow responsible disclosure
- You will be credited if desired
- Public disclosure typically after patch release or 90 days max
Thank you to all security researchers who contribute to a safer open source ecosystem.
Last updated: May 2025