Skip to content

Latest commit

 

History

History
29 lines (18 loc) · 1.48 KB

File metadata and controls

29 lines (18 loc) · 1.48 KB

Security Policy

We take the security of burnless seriously. Thank you for helping keep the project and its users safe.

Supported versions

Security updates are applied to the latest minor release only. We do not backport fixes to older minor versions — please upgrade to the latest release to receive security patches.

Version Supported
Latest minor ✅ Yes
Older minors ❌ No (no backports)

Reporting a vulnerability

Please do not open a public issue for security reports. Public disclosure before a fix is available puts all users at risk.

Report vulnerabilities privately through either channel:

  1. Preferred — GitHub Private Vulnerability Reporting. Go to the repository's Security tab and click "Report a vulnerability" (Security Advisories). This keeps the report private and lets us collaborate on a fix and coordinated disclosure.
  2. Fallback — email security@burnless.ai.

Please include enough detail to reproduce: affected version, environment (self-host vs cloud), steps, and impact.

What to expect

  • Acknowledgment within ~72 hours of your report.
  • Coordinated disclosure with a standard 90-day window — we'll work with you on timing so a fix is available before details go public.
  • Credit is offered to reporters in the advisory and release notes (let us know if you'd prefer to remain anonymous).