Claw is currently pre-1.0. Security fixes are applied to:
| Version/Branch | Supported |
|---|---|
| main | Yes |
| Latest tagged pre-1.0 release line | Yes |
| Older pre-1.0 tags | No |
Please report vulnerabilities privately through GitHub Security Advisories:
Do not open a public GitHub issue for security vulnerabilities.
When reporting, include:
- Affected component(s) and version/commit
- Steps to reproduce or proof of concept
- Impact assessment
- Any suggested mitigation
Maintainers aim for the following response times:
- Acknowledge report: within 72 hours
- Initial triage and severity assessment: within 7 days
- Ongoing status updates: at least every 14 days until resolved
- Fix target:
  - Critical/High: within 30 days when feasible
  - Medium/Low: within 90 days when feasible
These are targets, not guarantees.
Please allow time for investigation and remediation before public disclosure. Once a fix is available, maintainers may publish:
- A security advisory with affected versions and remediation guidance
- Credit to the reporter (if desired)
- Disclosure timeline details