Division Swarm is pre-1.0. Until release branches are published, security reports are accepted for the current default branch and the latest public release, if one exists.
| Version or branch | Security support |
|---|---|
| Current default branch | Supported |
| Latest public release, if any | Supported |
| Older commits, branches, or forks | Not supported unless maintainers explicitly say otherwise |
Do not report suspected vulnerabilities in public GitHub issues, pull requests, or discussions.
Send vulnerability reports privately to:
security@division.sh
Include as much of the following information as you can:
- A description of the suspected vulnerability and impact.
- Affected version, branch, commit, or deployment surface.
- Reproduction steps, proof-of-concept details, or relevant logs.
- Any conditions that limit exploitability.
- Your preferred contact information for follow-up.
If you are unsure whether an issue is security-sensitive, report it privately.
Please keep the report private while maintainers triage it and coordinate a fix or mitigation. Maintainers will use the private reporting thread to coordinate validation, remediation, and disclosure timing.
After a fix or mitigation is available, maintainers may publish a security advisory, release note, or public issue with appropriate details. Do not publish exploit details before that coordination completes.
For ordinary bugs, feature requests, or implementation questions that do not involve a suspected vulnerability, use the normal GitHub issue templates.