Skip to content

Security: francozeta/stepper

Security

SECURITY.md

Security Policy

Supported Versions

Security fixes are considered for the latest released version of Stepper.

Stepper is distributed as source through the shadcn registry. Consumers copy the component into their own applications, so security impact can depend on local usage and customization.

Reporting a Vulnerability

Please do not open a public issue with exploit details.

Use GitHub private vulnerability reporting for this repository when available. If private reporting is not available, open a minimal issue asking for a private contact path and do not include sensitive details.

Helpful reports include:

  • affected version or commit
  • the vulnerable behavior
  • a minimal reproduction or proof of concept
  • expected impact
  • suggested mitigation, if known

Non-Security Issues

Accessibility bugs, rendering issues, documentation problems, and API design feedback should use the normal issue forms unless they expose a concrete security risk.

There aren't any published security advisories