Security fixes are provided for the latest release on the default branch. Older releases may not receive patches.
Please do not report security vulnerabilities via public GitHub issues.
Instead, use one of these channels:
- GitHub Security Advisories — Open a private report for the affected repository, or use Report a vulnerability on the repository Security tab.
- Email — contact the maintainers at stephen@atlastechsolutions.co.uk with details and steps to reproduce.
Include as much detail as possible: affected versions, impact, reproduction steps, and suggested mitigations if you have them.
- Acknowledgement within 7 days
- Fix or mitigation plan within 60 days for confirmed issues
- Coordinated disclosure preferred; please allow time to release a fix before public disclosure
Atlas Commons does not operate a paid bug bounty program. We appreciate responsible disclosure and credit researchers in release notes when appropriate.