If you discover a security vulnerability in the theme files, install scripts, or repository configuration, please report it privately to:
Please include:
- A clear description of the issue
- Steps to reproduce or a proof of concept
- Affected versions or commit ranges
- Any suggested mitigations
Do not open a public issue for security vulnerabilities.
| Version | Supported |
|---|---|
| 1.0.x | Yes |
| < 1.0 | No |
Only the latest major version receives security updates.
- Reporter submits vulnerability via email.
- Maintainer acknowledges receipt within 48 hours.
- Maintainer validates and assesses the issue within 5 business days.
- A fix is prepared and released. The reporter is notified of the planned release date.
- After the fix is released, a public advisory may be published at the maintainer's discretion.
This security policy applies to the Terax Themes repository only:
- Theme JSON files in
themes/ - Install scripts (
install-terax-themes.sh,install-terax-themes.ps1) - Repository configuration and GitHub Actions workflows
Issues in the Terax application itself should be reported to the upstream project at crynta/terax-ai.