If you discover a security vulnerability in Axis, please report it responsibly.
Do not open a public issue for security vulnerabilities.
Instead, please email security concerns to: security@axis-git.app (or open a private security advisory on GitHub)
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment: Within 48 hours
- Initial assessment: Within 7 days
- Fix timeline: Depends on severity, typically 30-90 days
This policy applies to:
- The Axis desktop application
- Official builds from GitHub Releases
- The project's GitHub repository
- Third-party dependencies (report to upstream maintainers)
- Self-compiled or modified versions
- Social engineering attacks
| Version | Supported |
|---|---|
| Latest | Yes |
| Nightly | Best effort |
| Older | No |
When using Axis:
- Download only from official GitHub Releases
- Keep the application updated
- Review repository permissions before granting access