Only the latest commit on main is supported with security updates.

Please do not report security vulnerabilities through public GitHub issues.

Report vulnerabilities privately through GitHub at https://github.com/Khrysys/Aleph/security/advisories/new

Include a description of the issue, steps to reproduce, and potential impact. You can expect an acknowledgement within 7 days and a resolution timeline within 30 days of confirmation.

Aleph is a chess engine. The primary security concern is supply chain integrity rather than runtime vulnerabilities. Issues with dependencies should be reported to the relevant upstream project unless they are introduced by Aleph's own code.

Vulnerabilities will be disclosed publicly after a fix is available or after 90 days, whichever comes first.