If you believe you have found a security vulnerability in the tracer client, we encourage you to report it responsibly.
Please email the maintainers at security@tracer.cloud with the subject line:
[SECURITY] Vulnerability Disclosure for Tracer
Do not open a public GitHub issue. We will respond promptly and work with you to investigate and, if confirmed, address the issue as quickly as possible.
Security updates are currently provided in new releases. As Tracer is currently in early development, we reserve the right to introduce breaking changes while progressing toward a stable release.
| Version | Supported |
|---|---|
| < 1.0 | ✅ Latest release only |
| 1.0+ | ✅ Latest minor versions |
Once a vulnerability is reported:
- The team triages the issue privately.
- If valid, a GitHub Security Advisory will be created.
- A patch is prepared, reviewed, and tested.
- Once ready, a new release is issued with a public disclosure.
We follow responsible disclosure practices to ensure vulnerabilities are addressed before details are shared publicly.
If you have any further questions about security practices at Tracer, you may contact us at the email above.
See [docs/SECURITY_ROADMAP.md] for information on any security issues that have been mitigated, and a general roadmap for future security improvements.