Skip to content

Security: ktsoator/or

Security

.github/SECURITY.md

Security Policy

Supported versions

Security fixes are provided for the latest released version of or. Users should upgrade to the latest release before reporting an issue or requesting a fix. Older pre-1.0 versions are not maintained separately.

Reporting a vulnerability

Do not report security vulnerabilities through public GitHub issues, discussions, pull requests, or logs.

Use GitHub's private vulnerability reporting form:

https://github.com/ktsoator/or/security/advisories/new

Include enough information to reproduce and assess the issue:

  • The affected package and version
  • A description of the vulnerability and its impact
  • Reproduction steps or a minimal proof of concept
  • Any known mitigations or workarounds
  • Whether the issue has been disclosed elsewhere

Remove API keys, credentials, private prompts, personal data, and unrelated service information from the report.

The project will acknowledge the report, investigate it, and coordinate a fix and disclosure timeline with the reporter. Please allow time for a patch to be prepared and released before publishing details.

There aren't any published security advisories