Skip to content

Security: ionalpha/flynn

SECURITY.md

Security Policy

Reporting a vulnerability

Please report security issues privately. Do not open a public issue or pull request.

Include a description, reproduction steps, affected version, and impact. We aim to acknowledge within a few business days and will coordinate a fix and disclosure timeline with you.

A machine-readable contact is published at .well-known/security.txt.

Threat model

The published threat model describes the trust boundaries, the classes of attack Flynn defends against, and which defense is responsible for each, with a clear split between what is enforced today and what is planned.

Supported versions

Until a 1.0 release, only the latest release and main receive security fixes.

Scope

This repository is the open Flynn. Issues in a connected commercial host belong to that system, not here.

There aren't any published security advisories