| Version | Supported |
|---|---|
| main | ✅ Yes |
Only the latest code on the main branch receives security fixes.
Do not open a public GitHub issue for security vulnerabilities.
Please report them via one of the following:
- GitHub Private Advisory — Report a vulnerability (preferred)
- Email — security@veritas-vaults.network
Include as much detail as possible: steps to reproduce, affected component, and potential impact.
| Milestone | Target |
|---|---|
| Acknowledgement | Within 48 hours |
| Status update | Within 7 days |
| Patch / fix released | Within 14 days of confirmation |
We will coordinate a disclosure date with you once a fix is ready.
The following are not considered in-scope vulnerabilities:
- Bugs in third-party dependencies (report upstream)
- Issues in the Stellar network or Soroban protocol itself
- Freighter wallet internals
- Findings from automated scanners without a working proof-of-concept
- Social engineering or phishing attacks
We follow responsible disclosure. Please give us reasonable time to address the issue before any public disclosure.