Gorilix is currently in early development. The following versions are maintained with security updates:

| Version | Supported |
|---|---|
| 0.1.x | ✅ |

We take the security of Gorilix seriously. If you believe you've found a security vulnerability, please follow these steps:
- Do not disclose the vulnerability publicly (no GitHub issues, pull requests, or social media posts)
- Email the maintainers directly at me@juliaklee.wtf
- Include as much information as possible:
  - A description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix, if possible
After reporting a vulnerability:
- You'll receive an acknowledgment within 48 hours
- We'll investigate and provide an assessment within 7 days
- We'll work with you to understand and address the issue
- Once resolved, we'll publish the fix and credit you (unless you prefer to remain anonymous)
When using Gorilix in production environments:
- Always use the latest version with security updates
- Follow secure coding practices when implementing actors and message handlers
- Implement appropriate authentication and authorization in your application
- Consider network security when deploying across multiple machines
Gorilix's actor model inherently provides isolation between components, which can help limit the impact of security issues. The circuit breaker pattern can also prevent cascading failures due to security-related problems.
However, Gorilix is not a security framework itself and should be used alongside proper security controls for your specific use case.