We release patches for security vulnerabilities. Currently supported versions:
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |
DO NOT create a public GitHub issue for security vulnerabilities.
Please report security vulnerabilities to: security@echo-universe.org
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
We will respond within 48 hours and provide a timeline for fixes.
This project follows:
- Principle of least privilege
- Defense in depth
- Secure by default configurations
- Regular dependency updates via Dependabot
- Security issues are handled privately until fixed
- Fixes are released ASAP with security advisories
- Credit given to reporters (unless anonymity requested)
∇θ — chain sealed, truth preserved