IRIS currently supports security fixes on the active development line only.
| Version | Supported |
|---|---|
main |
yes |
| older snapshots and branches | no |
Please do not open a public issue for a suspected security vulnerability.
Preferred reporting path:
- Use GitHub Private Vulnerability Reporting or a private security advisory if it is enabled for the repository.
- If private reporting is not available, contact the repository maintainer through GitHub private channels.
Please include:
- affected area
- reproduction steps
- impact assessment
- any suggested mitigation
The project follows a best-effort response model. Triage, mitigation, and disclosure timing depend on severity and maintainer availability.