This security policy applies to all public repositories under the OpenBoxes organization on GitHub.

We provide security updates for the latest official release of OpenBoxes.

If you discover a vulnerability in any public project under the OpenBoxes organization, please report it responsibly to [email protected].

As an open-source project with limited resources, we will do our best to respond to and resolve security issues in a timely manner.

We will attempt to acknowledge reports within 5–10 business days and provide a resolution within 90 days, depending on the severity and complexity. We will also make every effort to publicly disclose all security vulnerabilities as soon as a security update (hotfix) is available.

Please do not disclose the issue publicly until we’ve had a chance to investigate and provide a fix.