OpenVCS is experimental. However, responsible disclosure is appreciated, and I will triage reports as quickly as reasonably possible.
Security fixes are provided on a best-effort basis for the following:
| Version | Supported |
|---|---|
| Latest release | ✅ |
| Pre-releases | ❌ |
| Nightly | ❌ |
Note
Nightly and pre-release builds may contain fixes earlier, but are not considered supported security release channels.
Please report security vulnerabilities responsibly and do not open public issues.
Use GitHub’s private security advisories for this repository to report vulnerabilities.
I do not currently offer a bug bounty program.
I aim to acknowledge reports within 72 hours.
I will respond as soon as reasonably possible and coordinate any fixes or disclosure as needed.