| Version | Supported |
|---|---|
| latest | ✅ |
We take the security of Photonix seriously. If you discover a security vulnerability, please report it responsibly.
Please do NOT open a public GitHub issue for security vulnerabilities.
Instead, please email us at:
- A description of the vulnerability
- Steps to reproduce the issue
- Any potential impact you've identified
- Your name/handle for credit (optional)
- Acknowledgement: We will acknowledge receipt of your report within 48 hours.
- Assessment: We will investigate and provide an initial assessment within 7 days.
- Resolution: We aim to release a fix within 30 days of confirmation, depending on complexity.
- Disclosure: We will coordinate with you on public disclosure timing.
We consider security research conducted in good faith to be authorised. We will not pursue legal action against researchers who:
- Act in good faith to avoid privacy violations, data destruction, or service disruption
- Only interact with accounts they own or with explicit permission
- Report vulnerabilities through the process outlined above
- Allow reasonable time for resolution before public disclosure
We are happy to credit security researchers who report valid vulnerabilities, unless they prefer to remain anonymous.
Thank you for helping keep Photonix and its users safe! 🔐