Security Policy

Supported Versions

xscen is in rapid development and receives regular updates every two (2) months. In the event of a security-related bug discovery soon after the release of an xscen version, the last supported version will receive a patch release.

Reporting a Vulnerability

If you believe you have found a security vulnerability in xscen, we encourage you to let us know right away. We take all security vulnerabilities seriously and appreciate your efforts to responsibly disclose them.

Please follow these steps to report a security vulnerability:

Email: Email github-support@ouranos.ca with a detailed description of the vulnerability. If applicable, please include any steps or a proof-of-concept to help us understand and reproduce the issue.
Encryption (Optional): If you are concerned about the sensitivity of the information you are sharing, you can use the PGP key found below to encrypt your communication.
Response: We will acknowledge your email within 48 hours and work with you to understand and confirm the vulnerability.
Fix and Disclosure: Once the vulnerability is confirmed, we will work to address it promptly. We appreciate your patience as we investigate and implement a fix. Once resolved, we will coordinate the disclosure and provide credit to the reporter unless they prefer to remain anonymous.

PGP Encryption Key

You can use the following PGP key to encrypt your communications with us: