# Security Policy

## Supported Versions

The following table shows which versions of Aeonmi receive active security updates:

| Version | Supported          |
| ------- | ------------------ |
| 0.2.x   | :white_check_mark: |
| < 0.2   | :x:                |

Only actively supported versions will receive patches for security vulnerabilities. Unsupported versions should be upgraded immediately to ensure security compliance.

## Reporting a Vulnerability

Security is a top priority for the Aeonmi project. If you discover a security issue, do not open a public GitHub issue. Public disclosure of vulnerabilities before a fix is released can put users at risk.

Instead, please follow these steps:

1. Email: Send a detailed report to tech@aeonmi.com (Until the new mailbox is fully operational, you may also use digital@darkmeta.ai).
2. Required Information:
   - A detailed description of the vulnerability.
   - Steps to reproduce the issue.
   - Potential impact assessment.
   - Any suggested mitigations.
3. Encrypted Communication: If your report contains sensitive details, request the Aeonmi Security Team’s PGP key for encryption.
4. Acknowledgement: You will receive an acknowledgment within 48 hours confirming receipt of your report.
5. Investigation Timeline:
   - Initial assessment within 5 business days.
   - Status updates will be provided at least every 7 days until the issue is resolved.
6. Resolution & Disclosure:
   - Critical issues will be patched as soon as possible.
   - Once a fix is released, a public advisory will be issued along with credit (unless anonymity is requested).
   - We follow coordinated disclosure best practices.

## Scope of Security Reports

We welcome reports for:

- Remote code execution.
- Privilege escalation.
- Authentication bypass.
- Information leaks.
- Data integrity compromise.
- Quantum-related encryption or security bypass vulnerabilities in Aeonmi/Q.U.B.E. subsystems.

We do not consider the following to be vulnerabilities:

- General feature requests.
- Outdated dependencies in non-critical dev tools.
- Theoretical issues with no practical exploit.

## Responsible Disclosure Policy

The Aeonmi team operates on a responsible disclosure model:

- No legal action will be taken against security researchers following this policy.
- Do not exploit the vulnerability beyond the extent necessary to prove it exists.
- Do not publicly disclose the vulnerability prior to coordinated release.