We actively support and provide security updates for the following branches:
| Version | Supported | Security Updates |
|---|---|---|
| 1.0.x | ✓ | ✓ |
| main | ✓ | ✓ |
Please do not open a public GitHub issue for security vulnerabilities.
To report a security issue, please follow these steps:
- Email: Send your report to
mail@atmostfear-entertainment.com - PGP Key: Available at
https://www.atmostfear-entertainment.com/aegis/security/pgpfor encrypted communications - Include:
- Detailed description of the vulnerability
- Proof of concept or steps to reproduce
- Potential impact assessment
- WordPress version and environment details
- Initial Response: Within 48 hours
- Detailed Assessment: Within 5 business days
- Patch Release: Within 14 days for critical vulnerabilities
- Public Disclosure: After patch is available (typically 7-14 days later)
For users of the Aegis theme:
- Keep Updated: Always use the latest version
- WordPress Core: Maintain updated WordPress installation
- Plugins: Use reputable, updated plugins
- Permissions: Follow WordPress file permission guidelines
- Backups: Maintain regular, secure backups
This security policy covers:
- Core theme files and functionality
- Built-in blocks and components
- Theme framework code
- Official block patterns
Third-party plugins, custom code, or modified theme files are not covered under this security policy.
We follow responsible disclosure practices and work with researchers to ensure vulnerabilities are addressed before public disclosure.
For general bugs that are not security-related, please use our Bug Report Template.