Kooix is currently in MVP stage. Security fixes are applied on a best-effort basis to the latest main branch.

Please do not open public issues for unpatched vulnerabilities.

Instead, report privately by contacting the maintainer via GitHub security advisory flow (preferred):

1. Open the repository on GitHub.
2. Go to Security → Advisories.
3. Click Report a vulnerability.
4. Include impact, reproduction steps, affected files/paths, and suggested remediation if available.

If advisory flow is unavailable, open a private communication channel with the maintainer and include the same information.

• Vulnerability type and impact
• Reproduction steps / PoC
• Affected commit/version
• Suggested fix or mitigation
• Any known exploit preconditions

• Initial triage response: within 72 hours
• Confirmation and severity assessment: within 7 days
• Patch target: as soon as practical based on risk and complexity

• We follow coordinated disclosure.
• Please allow time for validation and patching before public disclosure.
• Once fixed, we may publish a summary and remediation notes.