Skip to content

Security: iTulsi/OrbitOPS

Security

SECURITY.md

Security Policy

Supported versions

Security fixes are applied to the main branch and the latest published release. Older tags are retained for reference but are not actively maintained.

Reporting a vulnerability

Please do not open a public issue for a suspected vulnerability, leaked credential, or exploit path.

Report it privately to the maintainer at tulsitomar2019@gmail.com with:

  • the affected component or endpoint;
  • steps to reproduce the problem;
  • the expected and observed behavior;
  • the potential impact;
  • any suggested mitigation, if known.

Remove secrets, personal data, and live access tokens from screenshots or logs before sending them.

The maintainer will acknowledge a complete report within three business days, assess its severity, and coordinate a fix before public disclosure when the report is valid.

Scope

Reports are especially useful for:

  • authentication or authorization bypasses;
  • exposed credentials or unsafe secret handling;
  • injection or unsafe input processing;
  • dependency vulnerabilities with a practical OrbitOPS impact;
  • unintended access to deployment, telemetry, or contributor data.

General bugs, feature requests, and documentation problems should use the public issue templates instead.

There aren't any published security advisories