OxMgr is currently in the 0.4.x release line. Security fixes are provided for the latest published 0.2.x release on a best-effort basis.
| Version | Supported |
|---|---|
| 0.5.x | ✅ |
| 0.4.x | ✅ |
| 0.3.x | ❌ |
| 0.2.x | ❌ |
| 0.1.x | ❌ |
| < 0.1 | ❌ |
Please do not report security vulnerabilities through public GitHub issues, pull requests, or discussions.
Please send reports to vladimir.urik@empellio.com.
To help with triage, include:
- a clear description of the issue
- affected versions, platforms, and configuration details
- step-by-step reproduction instructions or a proof of concept
- the potential impact and any suggested mitigation
You can expect an initial acknowledgment within 5 business days. After triage, status updates are typically provided at least once per week until the report is resolved or closed.
Please keep the report and any related technical details confidential for up to 90 days from the initial report, or until a fix or mitigation is released, whichever happens first. This project follows a coordinated vulnerability disclosure approach so users have a reasonable opportunity to receive a fix before details are published.
If the report is accepted, the maintainer will work on a fix, may ask for additional validation details, and will coordinate disclosure after a patch or mitigation is available. If the report is declined, you will receive a short explanation, for example if the issue is not reproducible, is expected behavior, or does not meet the threshold for a security vulnerability.