| Package | Supported |
|---|---|
| core (Go CLI) | Latest |
| core-php | Latest |
| core-* modules | Latest |
Do not open a public issue for security vulnerabilities.
Please report security issues via GitHub's private vulnerability reporting:
- Go to the affected repository
- Click "Security" tab
- Click "Report a vulnerability"
Or email: security@host.uk.com (if available)
- Acknowledgment: Within 48 hours
- Initial assessment: Within 1 week
- Fix timeline: Depends on severity
- Critical: 24-48 hours
- High: 1 week
- Medium: 2 weeks
- Low: Next release
In scope:
- All
core-*packages - The
coreCLI - Infrastructure code in this organisation
Out of scope:
- Third-party dependencies (report upstream)
- Social engineering
- DoS attacks
We credit security researchers in release notes (unless anonymity is requested).