Currently, only the main branch and the latest release tag are actively supported for security updates.
Security is a high priority for the RixDev project.
If you discover any security-related issues, please do not create a public issue. Instead, please email the project maintainer directly. We will acknowledge your report within 48 hours and plan a fix as soon as possible. Once the issue is resolved and a new release or patch is available, a public announcement will be made if necessary, but your report can remain anonymous if you prefer.
Types of vulnerabilities we prioritize:
- Unsafe file system access bypassing intended workspace boundaries.
- Remote Code Execution (RCE) via prompt injection.
- Unintentional exposure of LLM API keys via logs or memory.