Security updates are provided only for the versions listed below.

| Version | Supported |
|---|---|
| Latest | ✅ |
| Older | ❌ |

Only the latest stable release is supported with security patches. Users are strongly encouraged to upgrade to the most recent version to receive security fixes.
We take security issues seriously and appreciate responsible disclosure.
If you discover a security vulnerability, please do not open a public issue.
Instead, report it privately using one of the following methods:
- Discord: official curio one server (this gives temporary membership unless the user gets a role in the server)
Include as much detail as possible:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
- Any relevant logs, screenshots, or proof-of-concept code
- Acknowledgement: Within 72 hours
- Status Updates: Every 7 days until resolved
- Fix Timeline: Depends on severity and complexity
- If the vulnerability is accepted, we will work on a fix and release a patched version as soon as reasonably possible.
- If the vulnerability is declined, we will provide an explanation.
- Coordinated disclosure is preferred. Please allow time for a fix before public disclosure.
This policy applies to:
- The bot’s source code
- Official releases
- Infrastructure directly controlled by the project
This policy does not apply to:
- Self-hosted or modified instances
- Third-party services or APIs
- Dependencies unless explicitly stated
This project relies on third-party libraries, some licensed under the Apache License 2.0 or other open-source licenses. Vulnerabilities in dependencies should be reported upstream when appropriate.
We support good-faith security research conducted in compliance with this policy. We will not pursue legal action against researchers who:
- Avoid privacy violations
- Do not exploit vulnerabilities beyond proof-of-concept
- Report issues responsibly
- Contact: official curio one server (this gives temporary membership unless the user gets a role in the server)

For security-related concerns:
- Email: [security@example.com]
- Discord: [Private support server]