OntarioEdAI follows a rolling-release model for the main branch.
| Version | Supported |
|---|---|
| 0.4.x | ✅ |
| < 0.4 |
Please do not open public GitHub issues for security vulnerabilities.
Use one of the following channels:
- GitHub Security Advisory: Open a draft advisory for this repository.
- Email: Contact the maintainers at security@zoverions.com.
We are particularly interested in:
- Sandbox Escapes: Any way to break out of the local execution environment.
- Privacy Leaks: Unauthorized access to student data or PII.
- Ledger Tampering: Methods to forge or alter local educational credentials.
- P2P Security: Vulnerabilities in the offline mesh networking or WebRTC layers.
- Acknowledgement within 48-72 hours.
- Triage and severity assessment within 7 days.
- Coordinated disclosure after a fix is verified.