The OpenIndiana project commits to providing fixes or mitigations to each and every security vulnerability in software we provide. List of source code repositories of software we develop is to be found in the documentation.
Note that most of the software we deliver is developed independently and we merely distribute it. As such the original software author should be made aware about a potential security issue.
Priority with which we handle security issues is based on the severity of the issue.
OpenIndiana is a rolling release distribution and has only one maintained branch called hipster. Other (historical) branches are not supported.
If you are aware of a security vulnerability in software delivered by the OpenIndiana project, please send us an email to security@openindiana.org. Thank you!
Also see the Security Issues page on our website.