The versions below refer to ArchGuard project release tags. Security fixes are provided only for the latest patch release in a supported minor series; older patch releases should be upgraded to the newest available 0.1.x release. When a minor series is no longer listed here, it is considered end-of-life and will not receive security updates.
| ArchGuard release series | Supported | Support policy |
|---|---|---|
| 0.1.x | ✅ | Supported until this series is removed from this table; only the latest 0.1.x patch release receives security fixes. |
We take the security of ArchGuard seriously. If you believe you have found a security vulnerability, please follow the steps below to report it responsibly.
Please do not open a public GitHub issue for security vulnerabilities. Instead, send a detailed report via email to timothy.j.genz@gmail.com. To help us address the issue efficiently, please include:
- A description of the vulnerability.
- Steps to reproduce the issue (proof-of-concept code or screenshots are helpful).
- The potential impact of the exploit.
- Acknowledgement: You can expect a confirmation email within 48 hours of your report.
- Updates: We will provide status updates at least once every 7 days while the vulnerability is being investigated and patched.
- Resolution: If the vulnerability is accepted, we will work on a fix and coordinate a release date with you. We ask that you maintain confidentiality until a patch is made public.
- Outcome: If the report is declined, we will provide a clear explanation as to why it was determined not to be a security risk.