As Zond is currently in early development, we only provide security updates for the latest version on the main branch.
| Version | Supported |
|---|---|
| latest | ✅ |
| < 0.3.5 | ❌ |
We take the security of Zond seriously. If you believe you have found a security vulnerability, please report it privately to us.
Please do not open a public GitHub issue for security reports.
Instead, send a detailed report to: security@zond.rs
- A description of the vulnerability.
- Steps to reproduce the issue (including any relevant
zondcommands). - Potential impact if exploited.
Zond is currently a best-effort hobby project. While we do not have a formal full-time security team, we commit to:
- Acknowledging your report within 7 days.
- Providing a timeline for a fix once the vulnerability is confirmed.
- Crediting you for the discovery (if desired) in our release notes/hall of fame.
The security policy applies to all code within this repository, including:
zond-corezond-cli- Plugins and Protocol implementations
We currently do not offer financial bounties, but we deeply appreciate the time and effort researchers put into making Zond more secure.