This is a fork of gstack with opencode support. Security patches are tracked against the upstream release version.
| Version | Supported |
|---|---|
| 1.39.x | Yes |
| < 1.39 | No |
If you discover a security vulnerability in gstack-opencodeai, please report it privately.
Do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
Instead, report via email to the repository maintainer. For this fork, please open a security advisory on GitHub:
- Go to https://github.com/Acharnite/gstack-opencodeai/security/advisories
- Click "New draft security advisory"
- Fill in the details
You should receive a response within 48 hours. If you don't, please follow up.
- A clear description of the vulnerability
- Steps to reproduce (proof of concept preferred over theory)
- Affected versions
- Any potential mitigations you've identified
This security policy covers the gstack-opencodeai fork. Vulnerabilities in the upstream gstack project should be reported there directly.
- You report the vulnerability
- We acknowledge receipt within 48 hours
- We assess and prepare a fix
- We release a patched version and notify you
- You confirm the fix resolves the issue
We follow coordinated disclosure: public details are released after the fix is available.