| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |

If you discover a security vulnerability in Eshkol, please report it responsibly:
- Do NOT open a public GitHub issue for security vulnerabilities
- Email: security@eshkol.ai
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)
- Initial response: Within 48 hours
- Status update: Within 7 days
- Fix timeline: Depends on severity
  - Critical: 24-72 hours
  - High: 1-2 weeks
  - Medium: Next release
  - Low: Backlog

Eshkol compiles to native code via LLVM. User programs have full system access equivalent to any native executable. This is by design for performance.
- Arena-based allocation prevents most memory leaks
- Bounds checking on array/list access
- Type system prevents many classes of errors

When processing untrusted input (files, network data), users should:
- Validate input before processing
- Use appropriate error handling
- Consider resource limits

We appreciate responsible disclosure and will acknowledge security researchers who help improve Eshkol's security (with their permission).