We take security seriously. Please report vulnerabilities privately and avoid creating public issues or pull requests that disclose details.
- Branch: trunk (active development)
- Releases: v2.x (as published)
Older snapshots/legacy branches may not receive security fixes.
- Preferred: Use GitHub’s private vulnerability reporting for this repo: https://github.com/alpharover/alpha_rover/security/advisories/new
- Alternative: If private reporting is unavailable, open a GitHub issue with the “security” label and minimal details; we will follow up to move the discussion private.
- Affected components, versions/commit, and environment
- Steps to reproduce (minimal, if possible)
- Impact assessment (e.g., confidentiality/integrity/availability)
- Any suggested mitigations or workarounds
- Acknowledge receipt: within 3 business days
- Initial assessment: within 7 business days
- Coordinated fix & disclosure timeline agreed with reporter (target ≤30 days when feasible)
- Do not test on live robots without permission; use simulation or test stands
- Avoid automated scanning that could degrade CI or infrastructure
- Supply-chain issues in third-party dependencies will be tracked and addressed as feasible
Thank you for helping keep alpha_rover and its users safe.