Coreax is supported on a best endeavours basis. Patches will be applied to the latest version rather than retroactively to older versions. To ensure you are using the most secure version of Coreax, please make sure you have the latest release.

Disclosures of vulnerabilities in Coreax are always welcomed. Whilst we aim to write clean and secure code free from bugs, we recognise that this is an open source project, relying on other of open source libraries that are modified and updated on a regular basis. We hope that the community will continue to support us as we endeavour to maintain and develop this tool together.

If you believe that you have identified a potential vulnerability in the code base, please report this promptly to oss@gchq.gov.uk. Please describe the problem in as much detail as possible, ideally with examples. Each report will be dealt with on a case-by-case basis. You will receive regular communication on the resolution and progress of your report.