Security Policy Supported Versions
Ark Angel is under active development. Security updates are prioritized for the most recent stable release and the main development branch.
Version Supported
Latest (main) ✅ Supported
Pre-release
Note: Users are strongly encouraged to run the latest version at all times. Security fixes are not backported to older versions unless deemed critical.
Reporting a Vulnerability
If you discover a security vulnerability in Ark Angel, do not open a public issue.
Instead, report it privately using one of the following methods:
Email: security@arkangel.systems (replace with your actual email) Direct message (if applicable): Project maintainer What to Include
To help us respond quickly, include:
A clear description of the vulnerability Steps to reproduce the issue Potential impact (what could an attacker do?) Screenshots, logs, or proof-of-concept (if available) Suggested mitigation (optional, but appreciated) Response Timeline
We aim to follow this response process:
Initial acknowledgment: within 48 hours Status update: within 5–7 days Resolution target: depends on severity
Severity levels are internally classified as:
Critical – Immediate action required High – Significant risk Medium – Moderate risk Low – Minimal impact Disclosure Policy Vulnerabilities will be investigated and validated before disclosure If accepted, a fix will be developed and deployed Public disclosure will occur only after a fix is available Reporters may be credited unless anonymity is requested
We do not tolerate irresponsible disclosure that puts users at risk.
Scope
This policy applies to:
Core Ark Angel codebase Public-facing infrastructure related to Ark Angel Official integrations and modules
Out of scope:
Third-party dependencies (report to their maintainers) Social engineering attacks Physical access attacks Safe Harbor
If you act in good faith and follow this policy:
You will not face legal action from this project We will treat your research as authorized We will work with you to understand and resolve the issue Final Notes
Ark Angel is a security-focused project by design. We expect both users and contributors to operate with the same mindset:
Assume breach. Minimize exposure. Act responsibly.