Security: github-changelog-generator/github-changelog-generator

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability, please contact us using the following details:

  • Email: security@oxor.io
  • GPG Key: 5F5C 4C68 336A 6D2B 6839 E8A7 D6EE EF32 FDC9 71EC

We will work to address the issue as quickly as possible.

Supported Versions

We currently support the following versions for security updates:

  • v1.16.4
  • v1.16.3
  • v1.16.2

Preferred Method of Contact

Please use the email address provided above for reporting vulnerabilities. Encrypt your message using the provided GPG key for secure communication.

Response Time

We aim to respond to initial vulnerability reports within 48 hours. Further communication will follow as we investigate and address the issue.

Disclosure Policy

We request that you report vulnerabilities privately to us first so that we can address them before public disclosure. We will work with you to understand the issue and determine the appropriate timeline for disclosure.

Acknowledgement Policy

We appreciate the efforts of security researchers and are happy to acknowledge those who report vulnerabilities in our release notes, provided they follow responsible disclosure guidelines.

Reporting Guidelines

When reporting a vulnerability, please include the following information:

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact
  • Suggested mitigation or fix, if any

Security Updates

Security updates will be released as necessary to address vulnerabilities. We strive to issue updates promptly after identifying and fixing security issues.

Bug Bounty Program

At this time, we do not have a formal bug bounty program. However, we are open to discussing recognition and rewards on a case-by-case basis for significant discoveries.

Thank you for helping to keep our project secure.

There aren’t any published security advisories