| Version | Supported |
|---|---|
| Latest | ✅ |

If you discover a security vulnerability in Comark, please report it responsibly.
Do not open a public issue. Instead, please email us at:
Include the following in your report:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

After you report, you can expect:
- Acknowledgment: Within 48 hours of receiving the report
- Assessment: Within 7 days we will assess the severity and impact
- Fix: Critical vulnerabilities will be patched as soon as possible
- Disclosure: We will coordinate with you on public disclosure timing

This policy applies to all packages in the Comark monorepo:
- comark
- @comark/html
- @comark/ansi
- @comark/vue
- @comark/react
- @comark/svelte
- @comark/nuxt

Comark includes a built-in security plugin (comark/plugins/security) that provides XSS sanitization. We recommend enabling it when rendering user-generated content.
Thank you for helping keep Comark and its users safe.