OrbitFabric is currently in pre-1.0 development.

Only the latest public release and the current main branch are considered for security fixes.

Older pre-1.0 snapshots are not maintained as security-supported baselines.

Please do not report suspected security vulnerabilities through public issues.

Use GitHub private vulnerability reporting when available, or contact the maintainers privately through a non-public channel.

Do not include proprietary mission data, private spacecraft information, operational logs, credentials, tokens, export-controlled material or NDA-protected details in any report.

OrbitFabric is a Mission Data Contract framework.

It is not flight-ready onboard software, not a ground segment, not a command uplink service, not an authentication system and not an operational spacecraft control system.

Security reports should focus on the OrbitFabric toolchain, model parsing, generated artifacts, dependency handling, repository workflows and documentation that could mislead users about operational readiness.