| Version | Supported |
|---|---|
| 4.0.x | ✅ |
| 3.x | |
| < 3.0 | ❌ |
Please open a private vulnerability report via GitHub Security Advisories: https://github.com/Srujan0798/Adaptoid-OS/security/advisories/new
Please include:
- FM number (if matches a known failure mode)
- Steps to reproduce
- Impact assessment
- Suggested fix (optional)
| Severity | Acknowledgment | Fix Target |
|---|---|---|
| Critical | 24 hours | 72 hours |
| High | 48 hours | 1 week |
| Medium | 1 week | 1 month |
| Low | 1 month | Next minor release |
validators/oap_security.sh— policy enforcementvalidators/vault_mmu.sh— state integrityvalidators/publish_gate.sh— prevents secret leakage
By default, all tool calls require explicit policy. No policy = DENY.
See templates/root/policies/default.yaml.