Security fixes are provided for:
| Version | Supported |
|---|---|
master |
✅ |
| Latest stable release | ✅ |
| Older releases | ❌ |
Users should upgrade to a supported version before reporting issues when possible.
Do not open public issues for security vulnerabilities.
In case you found or suspect a security vulnerabilities which can be directly exploited, please report to security@copper-robotics.com
Do not use other channels or contact project contributors directly.
- Affected component(s) / crate(s)
- Impact and threat model
- Affected versions or commits
- Reproduction steps or PoC (if available)
Do not include secrets, private keys, or personal data.
- Acknowledgement: within 7 business days
- Triage: within 14 business days
We follow coordinated disclosure and ask reporters to keep issues confidential until a fix or advisory is published. Credit will be given upon request.
This policy covers:
- Code and crates in this repository
- Official build and release artifacts
Out of scope:
- Third-party dependency vulnerabilities (report upstream first)
- Deployment misconfigurations
- Social engineering
We support good-faith security research conducted responsibly and in accordance with this policy. We will not pursue legal action for compliant research.