Only officially tagged releases are supported. At time of writing, the supported release is:
- v1.0 — Supported
Older or untagged snapshots may not receive security updates.
If you discover a security vulnerability in LHDNS, please do NOT open a public issue. Public disclosure may put users at risk.
Instead, report the issue privately to:
- Email: contact@twincodesworld.com
- Subject line:
LHDNS Security Disclosure
When reporting, please include:
- Short summary of the issue and potential impact.
- Reproduction steps or a minimal proof-of-concept (if safe).
- Affected component(s) and version (e.g., Annex A, client SDK, node).
- Any suggested mitigations or patches (optional).
- Your preferred contact method and timeline for disclosure coordination.
We will acknowledge receipt within 72 hours and coordinate a timeline for a fix and disclosure.
- Acknowledgement: within 72 hours after receipt.
- Triage & Assessment: security team evaluates impact and prioritizes fix.
- Mitigation & Patch: a fix is developed, tested, and staged.
- Coordinated Disclosure: details are published only after a fix is available and deployed (or an agreed disclosure date with the reporter).
If immediate mitigation is needed (e.g., active exploitation), the team may publish a temporary advisory with mitigation steps prior to full patching.
If email fails or you need an alternate secure channel, indicate so in your initial message and we will provide a secure upload link or PGP key (on request).
When a vulnerability is fixed and coordinated disclosure is complete, a public advisory may be published in the repository SECURITY_ADVISORIES folder or release notes, with attribution only if the reporter consents.
Thank you for helping keep LHDNS secure. Responsible reporting protects the community and helps the project mature safely.