Skip to content

Security: randomm/oo

Security

SECURITY.md

Security Policy

Supported Versions

Only the latest release (0.x series) receives security updates. Older versions are unsupported.

Reporting Vulnerabilities

Please report security vulnerabilities privately through GitHub Security Advisories — this ensures responsible disclosure.

Do not open a public issue for security vulnerabilities.

What to Include

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested fix (if known)

Expected Timeline

We aim to acknowledge reports within 7 days and will communicate a remediation timeline.

What Qualifies

Security vulnerabilities include:

  • Dependency vulnerabilities
  • Command injection
  • Data exposure
  • Authentication/authorization flaws
  • Other security-critical issues

What Doesn't Qualify

These are bugs, not security issues:

  • Feature requests
  • Non-security functionality bugs
  • Performance problems
  • UI/UX issues

Report these via GitHub Issues.

There aren’t any published security advisories