Security

SECURITY.md

Security Policy

Supported Versions

Security fixes are prioritized for the latest published release on main.

Reporting a Vulnerability

Do not open public GitHub issues for security vulnerabilities.

Report privately to:

support@asoba.co

Please include:

Affected component (schema, transform, runtime, tooling).
Reproduction steps or proof of concept.
Impact assessment.
Suggested remediation (if available).

Response Expectations

Initial acknowledgment: within 3 business days.
Triage and severity assessment: within 7 business days.
Remediation timeline: communicated after triage.

Disclosure

We aim for coordinated disclosure:

Confirm issue.
Prepare fix and tests.
Publish patch release and notes.
Publicly disclose once remediation is available.

There aren’t any published security advisories