The following versions of Stellar Stream are currently supported with security updates:

| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |

We take the security of Stellar Stream seriously. If you believe you have found a security vulnerability, please report it privately.
Please do not open a public issue for security vulnerabilities.
Please use the GitHub Security Advisory form to report vulnerabilities privately.
This is the preferred method as it allows us to communicate with you privately and coordinate a fix before public disclosure.
Once a report is received through the GitHub Security Advisory form, we commit to the following response timeline:
- 48 hours: Acknowledgement of receipt of the report.
- 7 days: Initial assessment and confirmation of the vulnerability.
- 30 days: Target for providing a fix or public disclosure (depending on complexity).

Maintainers: Please ensure that GitHub Security Advisories are enabled for this repository to allow researchers to submit reports privately.