Security

Report a vulnerability

SECURITY.md

Security Policy

Supported Versions

Security fixes are provided for the latest 0.x release line.

Reporting a Vulnerability

Please report vulnerabilities privately by emailing:

contact@triformine.dev

Include:

impacted component (server, sdk-ts, control-api, etc.)
reproduction steps or proof of concept
impact assessment
suggested remediation (if available)

Do not open public issues for unpatched vulnerabilities.

Response Targets

Initial acknowledgment: within 72 hours
Triage decision: within 7 days
Fix and coordinated disclosure timeline: case-by-case based on severity

There aren’t any published security advisories