Security Policy#

Supported versions#

Katalyst is pre-1.0 and evolving quickly. Security fixes are applied to the latest release and main only.

Reporting a vulnerability#

Please do not open a public issue for security vulnerabilities.

Instead, report privately using GitHub’s private vulnerability reporting (Security → Advisories → “Report a vulnerability”). If that is unavailable, email abegong@gmail.com with details.

Please include:

  • a description of the issue and its impact,
  • steps to reproduce or a proof of concept, and
  • any suggested remediation.

You can expect an initial acknowledgement within a few days. We’ll keep you updated on progress and coordinate a disclosure timeline with you.

Backward Code of conduct