| Version | Supported |
|---|---|
| 0.2.x | ✅ |
| 0.1.x | ❌ |

We take security seriously. If you discover a security vulnerability in Tree-sitter Analyzer, please report it responsibly.

- DO NOT create a public GitHub issue for security vulnerabilities
- Email the maintainers directly or use GitHub's private vulnerability reporting
- Include as much detail as possible:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)
- Initial Response: Within 48 hours
- Status Update: Within 7 days
- Resolution Timeline: Depends on severity
  - Critical: 24-48 hours
  - High: 7 days
  - Medium: 30 days
  - Low: 90 days

We will not pursue legal action against security researchers who:

- Make a good faith effort to avoid privacy violations, destruction of data, and interruption of services
- Only interact with accounts they own or for which they have explicit permission
- Report vulnerabilities through our responsible disclosure process
- Give us reasonable time to address issues before public disclosure

When using Tree-sitter Analyzer:

- Always use the latest version
- Review third-party plugins before use
- Run in isolated environments when analyzing untrusted code