Do NOT open a public GitHub issue for security vulnerabilities.

You can report vulnerabilities through either channel:
- GitHub: Use private vulnerability reporting (preferred)
- Email: security@solishq.ai

SolisHQ will not pursue legal action against good-faith security researchers who follow this disclosure policy. We consider security research conducted in accordance with this policy to be authorized.

- Description of the vulnerability
- Steps to reproduce
- Potential impact assessment
- Suggested fix (if any)

- 48 hours: Acknowledgment of your report
- 7 days: Initial assessment and severity classification
- 90 days: Fix deadline — if we have not issued a fix within 90 days, you may disclose publicly

We will coordinate with you on disclosure timing and credit you in the advisory (unless you prefer anonymity).

| Version | Supported |
|---|---|
| 4.x | Yes |
| 3.x | Security fixes only |
| 2.x | End of life |
| 1.x | End of life |