Thank you for helping keep Mylonite and its users safe.
Security fixes are currently provided on a best-effort basis for the latest alpha line.
| Version | Supported |
|---|---|
| 0.1.x | ✅ Yes |
| < 0.1 | ❌ No |
Please do not open public issues for security vulnerabilities.
Instead, report vulnerabilities privately by emailing:
Please include as much information as possible:
- Affected versions/commit SHA
- Reproduction steps or proof of concept
- Potential impact
- Any suggested remediation
- Initial acknowledgment: within 3 business days
- Triage + severity assessment: within 7 business days
- Status update and remediation plan: within 14 business days
These are targets, not guarantees, but we aim to communicate regularly until resolution.
- We will validate and triage reported issues.
- We may request additional details or coordinated testing from the reporter.
- A fix is prepared and released.
- Public disclosure is coordinated after a fix is available, when possible.
If a scanner report appears to be a false positive, open a regular issue with:
- scanner/tool name and version
- rule/check identifier
- why the result appears to be a false positive
Do not include sensitive secrets or exploit details in public issues.