We appreciate your efforts to disclose your findings responsibly, and will make every effort to acknowledge your contributions.

To report a security issue, please use the GitHub Security Advisory "Report a Vulnerability" tab.

The Sidero Labs team will send a response indicating the next steps in handling your report. After the initial response to your report, the security team will keep you informed of the progress toward a fix and a full announcement and may request additional information or guidance. The expected response time is within 3 business days, and the fix is expected to be delivered within 30 days.

The Sidero Labs team will only provide security updates for the two latest minor releases of Omni, unless you have a support contract that specifies otherwise. If you are using an older version of Omni, we recommend upgrading to the latest release.

For example, if the latest release is v0.49.1, the supported releases are v0.48.x and v0.49.x.