We provide security updates for the latest release of each Oxy product. Older versions may not receive patches.
| Product | Supported |
|---|---|
| Oxy Platform (@oxyhq/*) | Latest release |
| Mention | Latest release |
| Allo | Latest release |
| OxyOS | Latest release |
| Bloom | Latest release |
If you discover a security vulnerability in any Oxy product, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
Instead, email us at security@oxy.so with:
- A description of the vulnerability
- Steps to reproduce
- The affected product and version
- Any potential impact assessment
We will acknowledge your report within 48 hours and provide an initial assessment within 5 business days.
- We follow coordinated disclosure practices.
- We will work with you to understand and address the issue before any public disclosure.
- We credit reporters in our security advisories (unless you prefer to remain anonymous).
This policy applies to all repositories in the OxyHQ GitHub organization.