We actively maintain and provide updates for specific releases of this project. Versions that are listed as supported may receive bug fixes, security updates, and compatibility improvements. Versions not listed as supported will no longer be maintained.
All versions of this project are distributed under the Apache License 2.0.
| Version | Maintained |
|---|---|
| 1.0.x | ✅ Fully maintained |
🔒 We generally provide security updates for the latest major version.
If you believe you have found a security vulnerability in Operaton, open a private report through the GitHub Security Advisories interface:
https://github.com/operaton/operaton/security/advisories
See GitHub's guide on creating security advisories for more details.
- A clear description of the issue and its impact
- Affected Operaton version(s) and environment details
- Steps to reproduce (proof-of-concept if possible)
- Your preferred contact details
- Whether you would like credit in the advisory
As a volunteer-driven project, we cannot guarantee strict timelines. However, we will:
- Acknowledge your report as quickly as possible (usually within a few days)
- Investigate the issue and keep you updated on progress
- Prepare a fix and release it in a new version once ready
- Publish an advisory with details and credit to reporters who request it
- Please note that fixes may require coordination with upstream dependencies or related projects.
This policy applies to vulnerabilities in the Operaton source code, builds, and official release artifacts.
Out-of-scope examples include:
- Denial of service through excessive traffic
- Issues in third-party dependencies (please report upstream)
- Social engineering or attacks against project members
- Vulnerabilities requiring privileged local access without privilege escalation
We ask that you do not publicly disclose details of a vulnerability until:
A fix has been released, and An advisory has been published. This helps protect users by giving them time to update.
Operaton is provided under the terms of the Apache License 2.0, on an “AS IS” basis, without warranties or conditions of any kind. This security policy does not create contractual obligations or service-level guarantees.
✅ By following this process, we ensure security issues are handled responsibly and transparently.