GauntletCI currently supports security fixes on the latest main branch and the newest tagged release line.
| Version | Supported |
|---|---|
main |
✅ |
| Latest release | ✅ |
| Older releases | ❌ |
Please do not open public issues for potential security vulnerabilities.
Use GitHub Security Advisories to report vulnerabilities privately:
https://github.com/EricCogen/GauntletCI/security/advisories/new
If advisory tooling is unavailable, contact the maintainer directly via GitHub profile messaging: https://github.com/EricCogen
Include:
- A clear description of the issue and impacted component
- Reproduction steps or a proof-of-concept (if available)
- Potential impact and suggested mitigations
Do not include secrets, credentials, customer data, private source code, or proprietary information in public issues, discussions, pull requests, or examples.
GauntletCI is designed to run locally. Source code is not uploaded by default.
Optional integrations should clearly document when data leaves the local machine.
- We will acknowledge receipt as quickly as possible.
- We will investigate, validate impact, and provide remediation guidance.
- Confirmed vulnerabilities will be fixed in supported versions and disclosed responsibly.