| Version | Supported |
|---|---|
| latest (main) | ✅ |
| older releases | ❌ |
Do not open a public GitHub issue for security vulnerabilities.
Report vulnerabilities privately via GitHub's Security Advisories or by emailing the maintainers directly (see repository contact info).
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fix (optional)
| Severity | Acknowledgment | Resolution Target |
|---|---|---|
| Critical | 48 hours | 7 days |
| High | 48 hours | 14 days |
| Medium/Low | 48 hours | 30 days |
We follow coordinated disclosure:
- You report privately.
- We acknowledge within 48 hours.
- We work on a fix and keep you informed.
- Once a fix is released, we credit you (unless you prefer anonymity) and publish a security advisory.
- Public disclosure happens after the fix is available.
Thank you for helping keep XStreamRoll secure.