Catbee Technologies is committed to maintaining the security and integrity of all our tools, libraries, and open-source projects.
This repository defines the default security policy for the entire organization, applying to all Catbee repositories unless overridden.
If you believe you have discovered a security vulnerability in any Catbee Technologies project:
- Do not open a public GitHub issue.
- Do not disclose the issue publicly.
- Please send a detailed report to:
security@catbee.in
Include, when possible:
- A clear description of the issue
- Steps to reproduce
- Potential impact
- Any suggested fixes or mitigation ideas
We will acknowledge receipt of your report within a reasonable timeframe.
This policy covers:
- All public repositories under the Catbee Technologies organization
- Libraries, utilities, toolkits, CLIs, and platform components
- Build pipelines, configuration files, and published packages
It does not cover:
- Deprecated or archived repositories
- Third-party dependencies used in Catbee projects
- Security issues unrelated to Catbee-managed code
For documentation-only repositories, the impact surface is typically low, but the same private reporting process should be followed if you believe a configuration or deployment-related vulnerability exists.
Security updates are provided as needed for actively maintained repositories.
Projects that are marked as:
- Archived
- Unmaintained
- Legacy
may not receive security patches.
Refer to each repository’s README for maintenance status.
We kindly ask that researchers:
- Give us reasonable time to investigate and address the issue
- Avoid exploiting the vulnerability
- Avoid accessing user data
- Do not run automated scanners against production systems
We appreciate all responsible security efforts that help make our ecosystem safer.
For any questions or concerns related to security:
support@catbee.in