This security policy applies to The End The Beginning game project.
The following versions of the project are currently being supported with security updates:
| Version | Supported | Status |
|---|---|---|
| 3.1.x | ✅ | Current stable release |
| 3.0.x | ❌ | Legacy, upgrade to 3.1.x |
| 2.0.x | ❌ | Legacy, no longer supported |
| < 2.0 | ❌ | Deprecated |
We take security seriously. If you discover a security vulnerability in this project, please follow these steps:
- DO NOT open a public GitHub issue for security vulnerabilities
- Report vulnerabilities through:
- GitHub Security Advisories: Use the "Security" tab on the repository
- GitHub Issues: For non-critical issues, you may open a private issue
- Email: Contact the maintainer directly (see GitHub profile)
Please include the following information in your report:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Suggested fix (if available)
- Initial Response: Within 48 hours of report
- Status Update: Every 72 hours until resolved
- Resolution: Target within 7-14 days depending on severity
- Accepted Vulnerabilities: Will be patched and credited (if desired) in release notes
- Declined Reports: Will receive explanation of why the issue is not considered a vulnerability
- Security Updates: Published through GitHub releases with security tags
This project follows these security practices:
- Save files stored in user home directory (
~/.theendthebeginning/) - No network communication or external data transmission
- No collection of personal information
- Open source code available for review
- Regular dependency updates through Maven
This security policy covers:
- The game application code
- Build and deployment scripts
- Documentation and configuration files
Thank you for helping keep The End The Beginning and its users safe!