Blocky is a learning project and does not currently publish versioned security support windows.
Security fixes, when made, are expected to land on the default branch.
If you discover a security issue, please do not open a public issue with full exploit details.
Instead, report it privately to the maintainer through the repository hosting platform's private contact mechanism, if available. If no private reporting channel is available, open a minimal public issue that avoids disclosure of exploit details and asks for a private contact path.
Because this project is educational and not intended for production deployment, response times and remediation timelines are not guaranteed.
Please keep in mind that Blocky intentionally omits many production hardening features, including but not limited to:
- network security
- authenticated accounts and signatures
- persistent storage hardening
- production consensus protections
- contract sandboxing expectations beyond the current educational scope
Reports that help clarify unsafe assumptions in docs or examples are still appreciated.