The following versions of the project are currently receiving security updates:
| Version | Supported |
|---|---|
| Latest release | ✅ |
| One version prior to latest | ✅ |
| Older versions | ❌ |
The ArchetypAX project takes security seriously. If you discover a security vulnerability, please follow these steps to report it:
-
Do Not Use Public Bug Tracking Systems - Please do not report security vulnerabilities through public GitHub issues or pull requests.
-
Email Reporting - Send security-related issues to [email protected]. Please include as much detailed information as possible:
- The nature and type of the vulnerability
- The complete path where the vulnerability exists
- Steps to reproduce the issue
- Potential impact assessment
After receiving a security report, our handling process is as follows:
- We will review your report and determine if additional information is needed.
- Once the issue is confirmed, we will develop a remediation plan.
- We will prepare fixes for all affected versions still under support.
- We will release the fixes and properly document the issue in release notes.
The timeframe between vulnerability reporting and fix release varies depending on the severity and complexity of the issue. We aim to:
- Acknowledge receipt of reports within 24 hours
- Assess the severity and impact within 7 days
- Release fixes as quickly as possible (typically within 30 days)
Those who report security vulnerabilities will be acknowledged with attribution if desired after the remediation process is complete.
This security policy may be updated as the project evolves. Please refer to this file for the most current policy.