Skip to content

Security: complytime-labs/crosscodex

SECURITY.md

Security Policy

Reporting a Vulnerability

Do not open public issues for security vulnerabilities.

Use GitHub's private vulnerability reporting to submit your report. This keeps the details confidential until a fix is available.

When reporting, include:

  • A description of the vulnerability and its potential impact
  • Steps to reproduce or a proof-of-concept
  • Affected versions or components, if known

Supported Versions

Only the latest release on the main branch receives security updates. Older releases are not patched.

Branch Supported
main (latest) Yes
Older releases No

What to Expect

  • Acknowledgment within 48 hours of your report.
  • Status update within 7 days with an initial assessment and remediation timeline.
  • Credit in the release notes, unless you prefer to remain anonymous.

We coordinate disclosure with reporters. We will not pursue legal action against researchers who report in good faith through this process.

There aren't any published security advisories