GuardBSD provides security updates only for actively supported releases.
Below is the current support matrix:
| Version | Supported | Notes |
|---|---|---|
| Winter Saga (v1.0.x) | Supported | Full security updates |
| v0.9.x (Pre-release) | Not Supported | Use for testing only |
| < v0.9 | Not Supported | End-of-life |
LTS Policy: The Winter Saga release line (v1.0.x) is designated as Long-Term Support (LTS) and will receive security patches until December 2027.
We take security seriously. If you discover a vulnerability in GuardBSD, please report it responsibly.
-
Do NOT open a public GitHub issue
-
Send a detailed report to:
Email: security@guardbsd.org
PGP Key: https://guardbsd.org/pgp-key.txt
<br
-
Description of the vulnerability
-
Steps to reproduce (PoC if possible)
-
Affected components (kernel, bootloader, tools)
-
Impact assessment (privilege escalation, DoS, etc.)
-
Your contact info (optional, for coordination)
| Timeline | Action |
|---|---|
| < 24 hours | Acknowledgment of receipt |
| < 72 hours | Initial triage and priority assignment |
| < 7 days | CVE assignment (if applicable) and patch development |
| Upon fix | Coordinated disclosure + advisory |
-
We follow responsible disclosure
-
Reporters are credited in advisories (unless anonymity requested)
-
Patches are released as soon as ready, not on a fixed schedule
All security advisories are published at:
https://guardbsd.org/security/advisories
Thank you for helping keep GuardBSD secure.