Skip to content

Security: faccts/orca-external-tools

Security

SECURITY.md

Security Policy

Supported Versions

We currently support the following versions of this project with security updates:

Version Supported
main / latest
Older versions

Reporting a Vulnerability

If you discover a security vulnerability, please do not create a public issue.
Instead, report it report vulnerabilities via GitHub's Private Vulnerability Reporting

Please include the following information in your report:

  • A description of the vulnerability
  • Steps to reproduce it (if possible)
  • The impact it could have
  • Any suggested fix (optional)

We aim to respond within 2 business days and resolve confirmed issues within 7–14 days, depending on severity.

Our Process

  1. You report the vulnerability confidentially.
  2. We acknowledge receipt and begin investigation.
  3. We work on a fix and prepare a patch release.
  4. We may coordinate with the reporter on credit (optional).
  5. The fix is released, and we publish a disclosure if appropriate.

Disclosure Policy

  • We support coordinated disclosure.
  • Please give us reasonable time to resolve the issue before any public disclosure.
  • We will acknowledge reporters who help improve project security (unless anonymity is requested).

There aren’t any published security advisories