Escalated follows a major-version support model.
Because individual patch and minor releases may vary between installations, only the latest release within a supported major version receives security updates.
Example:
| Major Version | Supported |
|---|---|
| 2.x | ✅ |
In this example, 1.x may not be supported unless specifically marked with LTS.
Older major versions may receive security fixes at the discretion of the maintainers but should be considered unsupported.
We take security seriously and appreciate responsible disclosure.
- Open a public GitHub issue for security vulnerabilities.
- Discuss unpatched vulnerabilities in public forums, discussions, or pull requests.
Report vulnerabilities through:
- GitHub Security Advisories (preferred)
- Email: security@escalated.dev
Please include:
- A description of the issue
- Affected versions
- Reproduction steps
- Proof-of-concept code (if applicable)
- Potential impact
We aim to:
- Acknowledge reports within 72 hours
- Provide an initial assessment within 7 days
- Keep reporters informed throughout the remediation process
When a vulnerability is confirmed:
- The issue will be validated and prioritized.
- A fix will be developed and tested.
- Security releases will be published for supported major versions.
- Public disclosure will occur after patches are available.
If a report is determined not to be a security vulnerability, we will provide an explanation where possible.
We support responsible security research conducted in good faith and ask that researchers provide reasonable time for remediation before public disclosure.
Thank you for helping keep the Escalated ecosystem secure.