Skip to content

Security: Oriondevcore/orion-agent

Security

SECURITY.md

Security Policy

Supported Versions

Version Supported
latest Yes

Only the latest deployed version receives security updates.

Reporting a Vulnerability

Report vulnerabilities to graham@oriondevcore.com.

Do not open a public issue for security vulnerabilities. We will:

  1. Acknowledge receipt within 48 hours
  2. Assess severity and impact
  3. Deploy a fix within a reasonable timeline depending on severity
  4. Notify you when the fix is live

Responsible Disclosure

We ask that you:

  • Give us reasonable time to fix the issue before public disclosure
  • Do not access or modify user data beyond what is necessary to demonstrate the vulnerability
  • Do not use automated scanners that may disrupt service

Scope

In scope: the Orion Agent Worker, its API endpoints, WebSocket handler, and the React dashboard.

Out of scope: Cloudflare infrastructure, third-party dependencies (report those to their respective maintainers).

There aren't any published security advisories