Security: FareedKhan-dev/orbit

SECURITY.md

Security Policy

Supported Versions

We actively support the following versions of ORBIT with security updates:

Version Supported
1.1.x
1.0.x

Reporting a Vulnerability

We take security vulnerabilities seriously. If you discover a security vulnerability in ORBIT, please follow these steps:

Where to Report

  • Email: Please send vulnerability reports to the project maintainers via GitHub's private vulnerability reporting feature
  • GitHub: Use the "Security" tab in the repository to report vulnerabilities privately

What to Include

Please include the following information in your report:

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact assessment
  • Any suggested fixes or mitigations

Response Timeline

  • Initial Response: We aim to acknowledge receipt of vulnerability reports within 48 hours
  • Status Updates: You can expect regular updates on the status of your report every 7 days
  • Resolution Timeline: We strive to resolve critical vulnerabilities within 30 days

What to Expect

  • If Accepted: We will work with you to understand the issue, develop a fix, and coordinate disclosure
  • If Declined: We will provide a clear explanation of why the report was not considered a security vulnerability
  • Credit: We will acknowledge your contribution in our security advisories (unless you prefer to remain anonymous)

Security Best Practices

When deploying ORBIT in production:

  • Keep your installation updated to the latest supported version
  • Follow the deployment guidelines in our documentation
  • Properly configure API key authentication
  • Use HTTPS for all communications
  • Regularly review and update your configuration files

For questions about security practices or this policy, please open a GitHub issue or contact the maintainers.

There aren’t any published security advisories