| Version | Supported |
|---|---|
main branch |
Yes |
| Latest release | Yes |
| Other branches / older releases | Best effort |
Do not open a public GitHub issue for security vulnerabilities.
Use GitHub private vulnerability reporting (preferred):
https://github.com/org-event/OpenPolySphere/security/advisories/new
Maintainers can also publish coordinated disclosures via Security Advisories.
We aim to acknowledge valid reports within 7 days and share a remediation timeline once confirmed.
This repository is monitored with:
- Dependabot (dependency CVE alerts and update PRs)
- CodeQL static analysis (Rust, JavaScript, GitHub Actions workflows)
cargo audit/bun auditin CI- Dependency review on pull requests
- Secret scanning and push protection (GitHub)