We provide security updates for the latest stable release of Cosmolet and encourage all users to stay updated to benefit from the latest security and bug fixes. Older versions may not receive patches.
| Version | Supported |
|---|---|
| Latest (main) | ✅ Supported |
| Previous major | |
| Older | ❌ Not supported |

If you discover a security vulnerability in Cosmolet:
- DO NOT create a public GitHub issue.
- DO NOT share details publicly until the vulnerability has been resolved.
Instead, please report it confidentially to the Cosmolet security team at:
Please provide as much detail as possible, including:
- A detailed description of the vulnerability.
- Steps to reproduce or proof-of-concept (if possible).
- Your contact information for any follow-up.
The security team will acknowledge your report within 3 business days and coordinate with you privately on remediation, patch releases, and coordinated disclosure where necessary.
- We review code for potential security issues during code review and before new releases.
- Dependencies are monitored regularly for upstream vulnerabilities (using tools such as GitHub Dependabot).
- We encourage responsible disclosure and strive for transparency after a vulnerability is resolved.
Once a vulnerability is fixed:
- We will publish security advisories in the Cosmolet GitHub repository and on the project website, crediting reporters upon request.
- Users are advised to upgrade immediately to the patched version.
If you have general questions or suggestions regarding Cosmolet’s security, email us at [email protected].
For urgent or embargoed disclosures, always use the official security contact.