Skip to content

Security: tomatyss/runloop

Security

Report a vulnerability

SECURITY.md

Security Policy

  • Disclosure email: security@runloop.media (GPG optional; publish key in this repo when ready).
  • Acknowledgement target: 3 business days.
  • Triage: risk assessment and CVSS estimate within 7 business days.

Supported versions

We provide fixes for:

  • main (best-effort, nightly builds)
  • Latest v0.N minor (patches and backports)
  • Previous v0.(N-1) minor (critical fixes only)

Patch SLAs (targets)

  • High/Critical: fix or mitigation within 30 days
  • Medium: fix or mitigation within 90 days
  • Low: best-effort

Do not

  • Open public issues for vulnerabilities before coordinated disclosure.

There aren’t any published security advisories