| Version | Supported |
|---|---|
| latest | ✅ |
If you discover a security vulnerability in Herald, please report it responsibly:
- Do NOT open a public issue.
- Open a private security advisory on GitHub.
- Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
You should receive an acknowledgment within 48 hours. We will work with you to understand the issue and coordinate a fix before any public disclosure.
This policy covers:
- The Herald server (
herald-server) - The CLI viewer (
herald-cli) - The web viewer (
herald-web) - Official container images
Out of scope:
- Third-party plugins or forks
- Issues in upstream dependencies (report those to the dependency maintainers)