Oar is currently in active development. Security updates are applied to the latest version on the main branch.

| Version | Supported |
|---|---|
| Latest | ✅ |

Report security vulnerabilities privately. Don't use public GitHub issues, discussions, or pull requests.
Send an email to [email protected] with:
- Issue type (e.g., SQL injection, XSS, authentication bypass)
- Affected source files and their paths
- Code location (commit hash, branch, or URL)
- Steps to reproduce
- Configuration needed to trigger the issue
- Proof-of-concept code (if available)
- Impact assessment and potential exploitation scenarios

I'll acknowledge receipt within 48 hours and provide an update on the investigation timeline.

After confirming a vulnerability, I'll:
- Fix the issue in a private branch
- Test the fix thoroughly
- Release a security update with a clear changelog
- Disclose details after users have had time to update (typically 7-14 days)

Critical vulnerabilities receive immediate attention. Lower-severity issues follow the standard release cycle.

Questions about security? Email [email protected].