If you discover a security issue in any OpenOctopus project, please report it responsibly.
Do NOT open a public issue. Instead, email us at:
Include:
- Description of the issue
- Steps to reproduce (if possible)
- Affected package(s) and version(s)
- Any potential impact assessment
Response timeline:
- Acknowledgment: within 48 hours
- Initial assessment: within 7 days
- Fix or mitigation: as soon as practical, depending on severity
This policy applies to all repositories under the open-octopus organization.
We follow coordinated disclosure. We will work with you to understand the issue, develop a fix, and agree on a disclosure timeline before any public announcement.
We appreciate the security research community's efforts to help keep OpenOctopus safe for everyone.