If you discover a security vulnerability in asobi_lua, please report it
privately so we can fix it before it is publicly disclosed.
Do not open a public GitHub issue for security issues.
Either of these channels work:
- GitHub Security Advisory (preferred): Report privately
- Email: security@asobi.dev
- Acknowledgement within 48 hours
- Initial assessment within 7 days
- Coordinated disclosure timeline agreed with you
- Credit in the security advisory if you want it
| Version | Supported |
|---|---|
| latest stable | ✅ |
| older releases | ❌ — please upgrade |
In scope:
- The
asobi_luaErlang/OTP runtime (this repository) - The Luerl sandbox configuration shipped with this runtime
Out of scope:
- The hosted asobi.dev SaaS — see https://asobi.dev/security
- The
asobilibrary — report to https://github.com/widgrensit/asobi/security - Third-party dependencies (Luerl etc.) — please report upstream