| Version | Supported |
|---|---|
| 0.1.x | ✅ |
If you discover a security vulnerability in OrbitStream, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
Instead, please email security@orbitstream.email with:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
We aim to acknowledge reports within 48 hours and provide a fix timeline within 7 days.
This policy covers the OrbitStream Backend API, including authentication, stream management, WebSocket gateway, and Stellar integration.
We do not currently offer a paid bug bounty program, but we credit all responsible disclosures in our release notes.