Security: gabcmelo/oris

SECURITY.md

Security Policy

Reporting vulnerabilities

  1. Do not open public issues for sensitive vulnerabilities.
  2. Report with:
    • affected component/file
    • reproduction steps
    • impact
    • suggested mitigation (if available)

Response goals

  1. Initial acknowledgment: as soon as possible.
  2. Triage and severity classification.
  3. Patch plan and release communication when validated.

Scope highlights

Priority areas:

  1. Authentication and token handling.
  2. WebSocket authorization/origin checks.
  3. Voice token issuance and permissions.
  4. Data exposure/PII in telemetry.

There aren't any published security advisories