Only the most recent version of Aegis is currently being supported with security updates.

Note that Aegis consists of more than a single project, and during a release cut, all projects are signed and tagged with the same version.

After Aegis hits a major 1.0.0. version, this will change, and we will also have a support plan various major versions.

Send your vulnerability reports to security@aegis.ist.

We don’t have an official turnover time, but if nobody gets back to you within a week please send another email.

We take all vulnerability reports seriously, and you will be notified if your report is accepted or declined, and what further actions we are going to take on it.