FluentAAS is committed to providing a safe and reliable open-source library.
We take security issues seriously and appreciate responsible disclosure.
Until the official v1.0 release — which will include all current AAS Submodels compliant with the AAS Standard 3.1.0 — only the most recent FluentAAS version receives security updates.
Older minor versions are not maintained.
| Version | Support Status |
|---|---|
| Latest | ✔️ Fully supported (security & bug fixes) |
| Older | ❌ Not supported (please upgrade to the latest) |
- Pre-1.0 versions are considered preview/early-stage releases.
- Only the newest published version will receive patches or fixes.
- Once v1.0 is released, we will introduce a stable Long-Term Support (LTS) policy with clearer guarantees.
To ensure you receive fixes and improvements, always use the latest version.
If you discover a security issue, please report it responsibly.
Please open a new issue in the github project.
Include:
- A clear description of the vulnerability
- Steps to reproduce
- A minimal code example if possible
- Potential impact
- Any suggested remediation ideas (optional)
- Acknowledgement within 72 hours
- Initial assessment within 7 days
- If confirmed, we will work with you to:
- Understand the issue
- Determine severity
- Develop and test a fix
- Coordinate a responsible disclosure timeline
Please do not open a public GitHub Issue for security vulnerabilities.
We ask for private reporting to allow safe investigation and patching.
Once resolved, we may publish:
- A GitHub Security Advisory
- A patched release
- A note in the changelog
Credit for discovery will be given if desired.
We appreciate the security community and everyone helping keep FluentAAS safe and reliable.