Skip to content

Security: forceCalendar/react

Security

SECURITY.md

Security Policy

forceCalendar targets security-sensitive environments (Salesforce Lightning, strict-CSP enterprises), so we take vulnerability reports seriously and publish our security posture openly at the audit page.

Supported versions

Package Supported
@forcecalendar/core latest 2.x
@forcecalendar/interface latest 1.x
Salesforce distribution latest release

Reporting a vulnerability

Please do not report security vulnerabilities through public GitHub issues.

Use GitHub private vulnerability reporting on the affected repository ("Security" tab → "Report a vulnerability").

Include, where possible:

  • The affected package and version
  • A description of the vulnerability and its impact
  • Steps to reproduce or a proof of concept

What to expect

  • Acknowledgement within 72 hours
  • Assessment and severity triage within 7 days
  • Fix or mitigation targeted within 30 days for high/critical issues

Confirmed vulnerabilities and their remediation status are tracked publicly (after a fix is available) via issues labeled type:security and surfaced on the audit page.

There aren't any published security advisories