If you discover a security vulnerability in axl-core, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
Instead, send an email to:
Please include:
- A description of the vulnerability.
- Steps to reproduce or a proof of concept.
- The potential impact.
- Any suggested fixes (optional).
- Acknowledgement: Within 48 hours of your report.
- Initial assessment: Within 5 business days.
- Fix and disclosure: We aim to release a patch within 14 days of confirmed vulnerabilities.
| Version | Supported |
|---|---|
| 0.5.x | Yes |
| 0.4.x | Yes |
| < 0.4 | No |
This policy covers the axl-core Python library. For issues related to the AXL Protocol specification itself, please contact admin@axlprotocol.org with the subject line "Protocol Security".