The latest main branch is supported for security fixes.

| Version | Supported |
|---|---|
| main | ✅ |
| releases | ❌ |

Please report vulnerabilities privately to:

Include:
- affected component(s)
- reproduction steps
- impact assessment
- optional mitigation suggestions

We will acknowledge receipt as soon as possible and coordinate remediation and disclosure.

- Please do not disclose vulnerabilities publicly until a fix is available.
- We aim for coordinated disclosure after remediation.

This policy applies to:
- AutomataOS NixOS distribution
- Nix flake and module system
- Deployment scripts and configuration
- VM image builds

Out-of-scope examples:
- third-party service outages (k3s, helm, etc.)
- unsupported local modifications
- known risks already documented in project docs/license