Thank you for helping improve Ech0’s security.
We generally provide security fixes only for:
- The latest release (Latest)
- The previous stable release (Previous)
Older releases may not receive security patches; we recommend upgrading as soon as practical.
Please do not disclose security vulnerability details in public Issues or Discussions.
We recommend using GitHub’s private vulnerability reporting (Security Advisories):
If you cannot use the link above, contact the maintainers through a private channel they control, and include:
- Vulnerability type and impact
- Steps to reproduce or a proof of concept
- Affected versions, environment, and configuration
- Suggested fix (optional)
After we receive a report, we aim to:
- Acknowledge receipt within 48 hours
- Complete an initial assessment and severity rating within 7 days
- Ship a fix in a release as soon as possible and publish an advisory
Actual timelines may vary with complexity and release windows.
Please avoid public disclosure of vulnerability details before a patch is available.
We encourage responsible disclosure: share technical details after a fix is released to protect users.