Scenic currently provides security updates for the latest stable 3.x release.
| Version | Supported |
|---|---|
| Latest stable 3.x | ✅ |
| Older releases | ❌ |
Please do not report security vulnerabilities through public GitHub issues or pull requests.
- Preferred: Use GitHub's private vulnerability reporting through the Security tab of this repository.
- Alternative: Email security@forum.scenic-lang.org with the subject line
SECURITY: <short description>.
To help us investigate, please include as much of the following as possible:
- A clear description of the issue
- Steps to reproduce the issue
- Any relevant Scenic programs, inputs, or configuration details
- The version of Scenic affected
- The potential impact
- Any suggested fix or mitigation, if available
- We will acknowledge receipt within 1 week.
- We will provide status updates at least every 14 days while the issue is under investigation.
- If the report is accepted as a security vulnerability, we will prioritize a fix and coordinate disclosure with you. We are happy to credit you in the GitHub security advisory unless you prefer to remain anonymous.
- If the report is not accepted as a security vulnerability, we will let you know why.
We ask that you follow responsible disclosure practices and avoid public disclosure until a fix has been released or 90 days have passed since your report, whichever comes first.