OctoClaw is pre-1.0. Security fixes are generally applied to the active development branch and the latest tagged release line when a release line exists.
| Version | Supported |
|---|---|
| main / active development | Yes |
| Latest released 0.x | Best effort |
| Older releases | No |
Please do not open a public GitHub issue for security vulnerabilities.
Email reports to [project maintainer email] with:
- a short summary of the issue
- affected version, commit, or package
- reproduction steps or proof of concept
- expected impact
- any suggested mitigation
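Please do not report security vulnerabilities in public issues. Send an email to [project maintainer email] and include a summary of the issue, the affected version/commit/package, reproduction steps or a PoC, the scope of impact, and suggested mitigations.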
- Initial acknowledgement: within 3 business days
- Triage update: within 7 business days
- Fix or mitigation plan: depends on severity and reproduction quality
If a report is accepted, maintainers will coordinate disclosure timing with the reporter and credit the reporter when appropriate.
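If a report is confirmed, maintainers will coordinate disclosure timing with the reporter and will credit the reporter where appropriate.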