This repository tracks active development. Security fixes are applied to the latest main branch.
| Version | Supported |
|---|---|
latest main |
✅ |
| older commits/tags | ❌ |
If you find a security issue, please report it privately.
Preferred: GitHub Security Advisories (private report)
- Open a private vulnerability report in this repository's Security tab.
Fallback (if advisory is unavailable)
- Open an issue with minimal details and mark it clearly as security-related.
- Do not post exploit code or secrets publicly.
- Initial acknowledgment target: within 72 hours
- Triage and severity assessment target: within 7 days
- Fix timeline depends on severity and reproducibility
Please avoid public disclosure until:
- the issue is confirmed,
- a fix or mitigation is available, and
- maintainers approve coordinated disclosure.
This project is a UI fork for OpenClaw. Some risk decisions are inherited from upstream architecture (for example browser-local state handling). Reports are still welcome; we will document, mitigate, or upstream fixes where applicable.