Only the latest release of Axon receives security updates.
| Version | Supported |
|---|---|
| 1.x (latest) | Yes |
| Older | No |
Please do not open a public GitHub issue for security vulnerabilities.
To report a vulnerability, use GitHub's private vulnerability reporting. This opens a private channel between you and the maintainer.
- A description of the vulnerability and its potential impact
- Steps to reproduce or proof-of-concept
- Any suggested mitigations (optional)
- Acknowledgment: within 7 days of receiving the report
- Assessment: within 14 days
- Resolution: depends on severity and complexity; critical issues are prioritized
This policy covers the Axon iOS/macOS application source code in this repository. It does not cover third-party SDKs or services (Firebase, AI provider APIs, etc.).
We follow a coordinated disclosure process. Please allow time to investigate and release a fix before making any public disclosure.