Flatpak Automatic CLI

Security Policy

Supported Versions

We take the security of this software supply chain and application lifecycle seriously. Currently, we provide security patches and active support exclusively for versions >= 1.5.

Version Line | Security Support | Status
>= 1.5.x     | ✅ Yes           | Active
< 1.5.0      | ❌ No            | End of Life (EOL)

Reporting a Vulnerability

We take the security of this project seriously. To protect the systems of our users (including those running hybrid-btrfs-safe configurations), please do not report vulnerabilities via public issues, social media, or public email.

How to Report

Please use the GitHub Private Vulnerability Reporting feature:

  1. Navigate to the Security Tab of this repository.
  2. Click on Advisories in the left sidebar.
  3. Click Report a vulnerability to open a private draft advisory.

Reporting Format

To help us investigate quickly, please follow the structure in our Security Advisory Template. Specifically, include:

  • Impact: Technical description of the risk.
  • Environment: Details from your .version_manifest.
  • Proof of Concept: Steps to reproduce the issue privately.

What to Expect

  • Acknowledgement: You can expect a response within 48 hours confirming receipt of your report.
  • Updates: We provide progress updates at least once a week during investigation and patching.
  • Disclosure: Once a fix is ready, we will coordinate with you to publish a Security Advisory and credit your contribution via the MT-Tools disclosure process.