If you discover a security vulnerability in Frontier Flow, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
Instead, use GitHub Private Reporting from the repository Security tab and include:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)

We will acknowledge receipt within 48 hours and aim to provide an initial assessment within 5 business days.

| Version | Supported |
|---|---|
| 0.x.x | Yes (current alpha) |

This policy applies to the Frontier Flow application and its build/deployment pipeline. For our detailed security controls, supply-chain hardening, and threat model, see docs/SECURITY.md.

We follow coordinated disclosure. We ask reporters to give us a reasonable window to address issues before any public disclosure.