We actively support the following versions of MvRAdaptiveCards with security updates:
| Version | Supported |
|---|---|
| Latest | ✅ |
| < 1.0 | ❌ |
We take security vulnerabilities seriously. If you discover a security vulnerability in MvRAdaptiveCards, please report it to us privately to allow us to address it before public disclosure.
Create a private security advisory through GitHub's security tab for this repository.
Please provide the following information when reporting a vulnerability:
- A detailed description of the vulnerability
- Steps to reproduce the issue
- Affected versions of the module
- Potential impact assessment
- Any suggested fixes or mitigations
- Execution Policy: Ensure your PowerShell execution policy is appropriately configured
- Script Signing: Consider using signed scripts in production environments
- Least Privilege: Run PowerShell with the minimum required privileges
In the event of a security incident:
- Immediate Response: Isolate affected systems if necessary
- Assessment: Determine the scope and impact of the incident
- Notification: Notify affected users and stakeholders as appropriate
- Remediation: Implement fixes and security patches
- Post-Incident: Conduct a post-incident review and update security measures
- PowerShell Security Best Practices
- Adaptive Cards Security Guidelines
- Microsoft Security Development Lifecycle
- PSScriptAnalyzer - PowerShell static code analysis
- Pester - PowerShell testing framework
This security policy may be updated periodically to reflect changes in our security practices or to address new security concerns. Check this document regularly for updates.
Last Updated: November 2025 Version: 1.0
For questions about this security policy, please contact the maintainers through the project's GitHub repository.