This project is currently experimental and not production-ready. Security updates are applied to the latest version only.
| Version | Supported |
|---|---|
| latest | ✅ |
If you discover a security vulnerability in this project, please report it responsibly.
Do not open a public issue for security vulnerabilities.
Instead, please report vulnerabilities by:
- Opening a private security advisory via GitHub's Security Advisories feature
- Or contacting the maintainers directly
When reporting a vulnerability, please include:
- A description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Any suggested fixes (optional)
- Acknowledgment of your report within 48 hours
- An assessment of the vulnerability within 7 days
- Regular updates on the progress toward a fix
- Credit in the security advisory (unless you prefer to remain anonymous)
As an experimental verification tooling project, mamut-lab may interact with untrusted input during testing scenarios. Users should:
- Run experimental code in isolated environments
- Never use experimental features with production data
- Review code before execution in sensitive contexts
We follow coordinated disclosure practices. Once a fix is available, we will:
- Release the patched version
- Publish a security advisory
- Credit the reporter (with permission)