We release patches for security vulnerabilities under the following versions:
| Version | Supported |
|---|---|
| 1.x | ✅ Full support |
| 0.x | ❌ Not supported |
Only the latest minor release of the 1.x series will receive security updates.
If you discover a security vulnerability in QBIN, please report it responsibly.
- Do not create a public GitHub issue.
- Instead, email the project security team at: security@quantag-it.com
- Include a description of the vulnerability, steps to reproduce, and potential impact.
We will:
- Acknowledge receipt of your report within 72 hours.
- Provide a status update within 7 days.
- Work with you on a fix and coordinated disclosure timeline.
This policy covers:
- QBIN specification reference implementations (compiler, decompiler, libraries)
- Associated tooling in this repository
Out of scope:
- Third-party integrations and forks
- Issues unrelated to security (use GitHub Issues for those)
Please report vulnerabilities in English if possible.
We follow a responsible disclosure model. Once a fix is available and released, we will publicly disclose the vulnerability in the CHANGELOG and release notes.