Skip to content

Security: open-element/openelement

Security

SECURITY.md

Security policy

Do not report suspected vulnerabilities in public issues or discussions. Use GitHub private vulnerability reporting instead; it creates a private conversation with repository maintainers.

We acknowledge reports within five business days and aim to provide a status update within ten business days. Please include affected package and version, reproduction steps, impact, and any proposed mitigation. We coordinate a fix, credit reporters when requested, and publish an advisory when users need to act.

Only the latest published 0.41.x line is supported while alpha.7 is active. Pre-release packages may change before stable release; security fixes are made on the active release line whenever practical.

Dependency policy

GitHub Dependabot alerts are enabled for this repository and Dependabot opens weekly update proposals. Pull requests that change dependencies run immutable actions/dependency-review-action; high or critical findings fail the check. An open high/critical alert blocks a release until it is remediated or a maintainer records a time-bounded exception in the release evidence.

There aren't any published security advisories