lora-pilot is currently under active development. Security fixes are applied to the latest code on the default branch first.

| Version | Supported |
|---|---|
| Latest | ✅ |
| Older versions / forks / modified deployments | ❌ |

If you are running an older copy of the project, please upgrade to the latest version before reporting a security issue.

Please do not open a public GitHub issue for suspected security vulnerabilities.
Instead, report vulnerabilities privately using one of these methods:
- GitHub Private Vulnerability Reporting for this repository
- If private reporting is not available, contact the maintainer directly through the repository owner profile or the contact method listed in the repository

When reporting a vulnerability, please include as much of the following as possible:
- A clear description of the issue
- Steps to reproduce
- A proof of concept, if available
- Affected environment, version, branch, or commit
- Potential impact
- Any suggested remediation, if known

After a report is received:
- We will try to acknowledge receipt within 5 business days
- We may ask follow-up questions to verify and reproduce the issue
- If confirmed, we will work on a fix and coordinate responsible disclosure
- If the report is accepted, a fix may be released before public disclosure
- If the report is declined, we will explain why, when possible

Please understand that response times may vary depending on maintainer availability. Humanity insists on sleep and other inefficiencies.

Please follow responsible disclosure:
- Do not publicly disclose the issue before a fix is available
- Do not access, modify, or destroy data that does not belong to you
- Do not use social engineering, spam, phishing, or physical attacks
- Do not run denial-of-service or resource-exhaustion attacks

Good-faith security research intended to help improve the project is appreciated.

This policy applies to:
- The source code in this repository
- Build and dependency configuration maintained in this repository
- Default deployment and usage patterns documented by the project

This policy does not automatically cover:
- Third-party services, integrations, or plugins
- User-modified deployments
- Forks or downstream packages not maintained by this repository

Security fixes will be released in the way that best fits the current stage of the project. This may include:
- A direct patch to the default branch
- A tagged release
- A security advisory in GitHub, when appropriate

Users should regularly update dependencies and monitor the repository for security-related announcements.