| Version | Supported |
|---|---|
| main | ✅ |
| < 0.6.0 | ❌ |
Do NOT open a public issue for security vulnerabilities.
Instead, please report via one of:
- GitHub Security Advisories: https://github.com/igorls/meshguard/security/advisories/new
- Email: Contact the maintainer directly
- Description of the vulnerability
- Steps to reproduce
- Affected versions
- Potential impact
- Acknowledgment: within 48 hours
- Initial assessment: within 7 days
- Fix timeline: depends on severity (critical: 7 days, medium: 30 days)
- ChaCha20-Poly1305 encryption (WireGuard-compatible)
- Ed25519 identity keys
- Noise_IKpsk2 handshake with anti-replay
- Decentralized trust (no central authority)
- Org PKI for fleet trust
- Key rotation every 120 seconds
See docs/concepts/security.md for full security model documentation.