Security Policy¶
Supported Versions¶
| Version | Supported |
|---|---|
| 0.1.x (latest) | ✅ |
| < 0.1.0 | ❌ |
Reporting a Vulnerability¶
If you discover a security vulnerability in Ansible Crafting, please report it responsibly.
Do not open a public issue. Instead, contact the maintainer directly:
- Email: ghent@starshadow.com
- Subject line:
[SECURITY] Ansible Crafting — <brief description>
What to Include¶
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
Response Timeline¶
| Action | Timeframe |
|---|---|
| Acknowledgment of report | Within 48 hours |
| Initial assessment | Within 1 week |
| Fix released (if confirmed) | Best effort, typically within 2 weeks |
Scope¶
This policy covers: - The Ansible Crafting mod code - Build scripts and CI/CD configuration - Any server-side code that processes network packets
This policy does not cover: - Minecraft itself - Fabric Loader or Fabric API - Third-party dependencies (Cloth Config, Mod Menu, EMI, REI)
Disclosure¶
Once a fix is released, the vulnerability will be disclosed in the Changelog with appropriate credit to the reporter (unless they prefer to remain anonymous).