Security is a top priority for the Vix.cpp project.
We appreciate your help in keeping the framework and its ecosystem safe.
We actively maintain and apply security patches to the following versions:
| Version | Supported | Notes |
|---|---|---|
| main (development) | ✅ Yes | Actively developed and reviewed |
| v0.x (stable releases) | ✅ Yes | Security fixes and maintenance updates |
| Pre-release / alpha | | Use at your own risk, no guarantee of patching |
If you are using an older version, please upgrade to the latest stable release to receive security updates.
If you discover a security vulnerability in Vix.cpp or any of its modules, please report it privately and responsibly.
Send an email to:
[email protected]
Include the following details:
- A detailed description of the issue.
- Steps to reproduce or proof-of-concept code.
- The affected version(s) or commit(s).
- Any suggestions or potential fixes (optional).
⚠️ Do not open a public GitHub issue for security vulnerabilities.
We take every report seriously and will:
- Confirm receipt within 48 hours.
- Investigate and reproduce the issue.
- Provide a fix or mitigation as soon as possible.
- Acknowledge you in the release notes (if you wish).
We kindly ask researchers and users to:
- Report vulnerabilities confidentially via email.
- Avoid publicly disclosing details until a fix is released.
- Avoid exploiting or abusing vulnerabilities in production systems.
We commit to working transparently and collaboratively with the reporter to resolve issues safely and promptly.
When using Vix.cpp in production:
- Always build with the latest stable release.
- Use compiler hardening flags: `-fstack-protector-strong -D_FORTIFY_SOURCE=2 -O2`
- Prefer ASan/UBSan when debugging: `cmake -DVIX_ENABLE_SANITIZERS=ON`
- Keep dependencies up to date (Boost, nlohmann/json, etc.).
- Use HTTPS and secure headers in your deployments.

- Safe memory handling with RAII and smart pointers.
- Type-safe routing and JSON handling.
- Built-in input validation utilities (`Vix::utils::Validation`).
- Modular isolation: each module can be audited independently.
- Optional runtime sanitizers (ASan + UBSan).
We thank all security researchers and contributors who help make Vix.cpp safer for everyone. Your responsible disclosure is essential to maintaining a secure ecosystem.
Security is not a one-time event; it's an ongoing commitment. Together, we keep Vix.cpp fast, modular, and secure.