| Version | Supported |
|---|---|
| Latest | Yes |
We take security seriously. If you discover a security vulnerability in Workspace IDE, please report it responsibly.
- Do NOT open a public issue for security vulnerabilities.
- Email your report to the maintainers via the ATC-O48 organization contact.
- Include the following in your report:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment within 48 hours of your report.
- Status update within 7 days with an assessment.
- Fix timeline based on severity:
- Critical: Patch within 24-48 hours
- High: Patch within 1 week
- Medium: Patch within 2 weeks
- Low: Included in next release
This policy applies to the Workspace IDE application and its dependencies. Issues in third-party dependencies should be reported to the respective projects.
When contributing to this project:
- Never commit secrets, API keys, or credentials
- Use the built-in Secrets tool for managing sensitive data
- Follow the principle of least privilege
- Keep dependencies up to date