| Version | Supported |
|---|---|
| latest | ✅ |

Please do not open a public GitHub issue for security vulnerabilities.
Report vulnerabilities privately via GitHub Security Advisories.

| Stage | Target |
|---|---|
| Acknowledgement | 48 hours |
| Initial triage | 5 business days |
| Fix / mitigation | 90 days |

OpenFiltr ships with:
- CSRF protection for browser sessions
- Secure, HttpOnly session cookies
- Rate limiting on authentication endpoints
- Audit logging for all destructive actions
- Signed releases (planned for v1.0)
- SBOM generation on every release