Volqan is pre-1.0 software. Security fixes are applied on a best-effort basis to the latest development line and the most recent tagged release line.
| Version | Supported |
|---|---|
| 0.1.x | Yes |
| < 0.1.0 | No |
Please report suspected security vulnerabilities privately to sharif@readypixels.com.
Include as much detail as possible:
- affected package or feature
- reproduction steps or proof of concept
- impact assessment
- suggested mitigations if known
- your preferred contact details for follow-up
Please do not disclose vulnerabilities publicly in GitHub issues, discussions, pull requests, or social media before coordinated disclosure is complete.
Volqan aims to follow this response process:
- Within 72 hours: acknowledge receipt of the report
- Within 7 days: provide an initial triage status or request more details
- Within 30 days: target a remediation plan, patch, mitigation, or documented workaround when feasible
Timelines may vary depending on severity, report quality, and release coordination needs, but reporters will be kept informed when delays occur.
- A report is received and acknowledged.
- Maintainers validate the issue and assess severity and scope.
- A fix or mitigation is prepared privately.
- A release plan is coordinated.
- A public advisory or release note is published once users have a reasonable path to update.
If you act in good faith, avoid privacy violations and service disruption, and give the project a reasonable opportunity to remediate before public disclosure, Volqan will treat your research as responsible disclosure.