We actively maintain the latest version of OpenRoad. Security updates and patches will only be provided for the latest stable release.
| Version | Supported |
|---|---|
| Latest | ✅ |
| Older (archived) versions | ❌ |
If you discover a security vulnerability in OpenRoad, we appreciate your help in disclosing it responsibly. Please follow these steps:
-
Do Not Disclose Publicly
Avoid discussing vulnerabilities in public forums, issue trackers, or social media until they have been resolved. -
Contact Us
Report the issue by emailing us at [INSERT CONTACT EMAIL]. Include the following details:- A clear and detailed description of the vulnerability.
- Steps to reproduce the vulnerability (if applicable).
- The potential impact or risk of the vulnerability.
-
What to Expect
After you report a vulnerability:- You will receive a confirmation of your report within 48 hours.
- We will investigate the issue and work to resolve it promptly.
- We may contact you for further details or clarification during the investigation.
-
Acknowledgment
Once the issue is resolved, we will acknowledge your contribution in our release notes or security advisory (if you prefer to remain anonymous, let us know).
To maintain a secure project, contributors should:
- Regularly review code for vulnerabilities.
- Use secure coding practices when contributing.
- Avoid including sensitive information (e.g., keys, passwords) in commits.
Thank you for helping us make OpenRoad a secure and trusted project for everyone.