Security updates are currently provided for the latest stable release of Vexon.
Older versions may not receive security fixes. Users are strongly encouraged to upgrade to the most recent version.
If you discover a security vulnerability in Vexon, please report it privately.
Do not open a public GitHub issue or discuss the vulnerability publicly before it has been reviewed.
Please email:
Include the following information when possible:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Affected versions of Vexon
- Any proof-of-concept code or examples (if available)
- Potential impact (e.g., crash, data exposure, arbitrary code execution)
- We will acknowledge receipt of your report as soon as reasonably possible.
- We will investigate and assess the issue.
- If the report is valid, we will work on a fix and coordinate a responsible disclosure.
Timelines may vary depending on severity and project availability.
We ask that you:
- Allow reasonable time for the issue to be addressed before public disclosure
- Avoid exploiting the vulnerability beyond what is necessary to demonstrate it
- Act in good faith to help improve the security of the project
This security policy applies to:
- The Vexon compiler, runtime, CLI, and official tooling
- Official repositories and released builds
Third-party tools, forks, or unofficial builds are outside the scope of this policy.
We appreciate and acknowledge security researchers and community members who responsibly disclose vulnerabilities and help keep Vexon safe.