We actively support the following versions of ClassMetrix:
Version | Supported |
---|---|
1.x.x | Yes |
0.x.x | No |
If you discover a security vulnerability in ClassMetrix, please report it responsibly:
- DO NOT create a public GitHub issue for security vulnerabilities
- Email security reports to: patrick204nqh@gmail.com
- Include "SECURITY" in the subject line
- Provide detailed information about the vulnerability
Please include the following information:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Suggested fix (if you have one)
- Your contact information
- Initial Response: Within 48 hours
- Assessment: Within 1 week
- Fix Development: Based on severity
- Public Disclosure: After fix is available
When using ClassMetrix:
- Keep the gem updated to the latest version
- Validate all input when using dynamic class loading
- Use proper access controls in your application
- Follow Ruby security best practices
We appreciate security researchers who help keep ClassMetrix safe. Contributors will be:
- Credited in the CHANGELOG (with permission)
- Mentioned in security advisories
- Thanked publicly (unless anonymity is requested)
Security updates are released as patch versions and announced via:
- GitHub Security Advisories
- RubyGems.org security notifications
- Project README and CHANGELOG
For questions about this security policy, contact patrick204nqh@gmail.com.