We take security vulnerabilities seriously. Thank you for helping to keep cuioss projects secure.

Please do NOT create public GitHub issues for security vulnerabilities.

Report vulnerabilities privately through GitHub's Private Vulnerability Reporting:
- Go to the Security tab of the affected repository
- Click "Report a vulnerability"
- Fill in the vulnerability details
  - Description of the vulnerability
  - Steps to reproduce
  - Affected versions
  - Potential impact
  - Any suggested fixes (optional)

| Action | Timeframe |
|---|---|
| Initial response | Within 48 hours |
| Status update | Within 7 days |
| Fix timeline | Depends on severity |

- We will acknowledge receipt of your report
- We will investigate and keep you informed of progress
- We will credit reporters in release notes (unless you prefer anonymity)
- We request responsible disclosure - please allow us time to fix before public disclosure

Each repository maintains its own support policy. Generally:
- Latest major version: Full support
- Previous major version: Security fixes only
- Older versions: No support

When using cuioss libraries:
- Keep dependencies up to date
- Follow the principle of least privilege
- Validate all inputs
- Review security advisories regularly