| Package | Supported |
|---|---|
| qontos >= 0.1.0 | Yes |
| qontos-sim >= 0.1.0 | Yes |
| qontos-bench >= 0.1.0 | Yes |
If you discover a security vulnerability in any QONTOS package, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
Instead, send an email to: [email protected]
Include:
- Description of the vulnerability
- Steps to reproduce
- Affected package and version
- Potential impact assessment
We will acknowledge receipt within 48 hours and provide an initial assessment within 7 business days.
- We follow a 90-day coordinated disclosure timeline.
- Security fixes are released as patch versions with advisory notices.
- Contributors who report valid vulnerabilities will be credited (with permission) in the advisory.
This policy covers all repositories under the qontos GitHub organization.