SchroSIM is an active development project. Security fixes are applied to the latest development line.
| Version | Supported |
|---|---|
main |
✅ |
| Older branches/tags | ❌ |
Please report suspected vulnerabilities privately. Do not open public issues for exploitable security details.
Preferred process:
- Use GitHub private vulnerability reporting for this repository if available.
- Include clear reproduction details:
- affected component (
core-rust,core-swift, CLI, runtime config), - impact and attack scenario,
- proof of concept or minimal reproduction input,
- suggested mitigation if known.
- affected component (
If private vulnerability reporting is not enabled, open a minimal issue requesting a private channel and do not include exploit details publicly. You can also contact the maintainer account at https://github.com/DennisWayo and request a private reporting channel.
Project maintainers aim to:
- Acknowledge reports within 5 business days.
- Assess severity and affected scope.
- Coordinate remediation and validation.
- Publish fixes and disclosure notes once users can safely update.
Security reports are especially useful for:
- Unsafe parsing or execution behavior in circuit/runtime input paths.
- Privilege or boundary breaks in tooling or scripts.
- Supply-chain risk in dependency and build workflows.
- Sensitive data leakage through logs, traces, or exported artifacts.