At the moment the project only considers the very latest commit to be supported. We combine that with our fast response to incidents and the automated updates to minimize the time between vulnerability publication and patch release.
Version | Supported |
---|---|
master | ✅ |
other commits | ❌ |
In the near future we will introduce versioning, so expect this section to change.
If you discover a security vulnerability within this repository, we encourage you to report it as soon as possible to help us address the issue promptly.
Important
Do not submit an issue or pull request: this might reveal the vulnerability.
Instead, you should:
- Follow the steps to privately report the vulnerability.
- Send and email directly to the maintainers at: [email protected].
In case none of the above methods work, you can create an issue following these steps:
- Raise an Issue: Go to the Issues section of this repository.
- Title: Use a clear and descriptive title such as "Security Vulnerability Report".
- Description: Provide a detailed description of the vulnerability including:
- Steps to reproduce the issue.
- The potential impact of the vulnerability.
- Any relevant details or context that can help us understand the issue better.
We will deal with the vulnerability privately and submit a patch as soon as possible.
- Acknowledgment: We will acknowledge receipt of your vulnerability report within 48 hours.
- Assessment: We will assess the report and determine the severity and impact.
- Resolution: We will work on fixing the vulnerability as soon as possible. Depending on the complexity, this might take some time.
- Notification: We will notify you once the vulnerability has been resolved.
To ensure the protection of our users, we kindly request that you:
- Allow us a reasonable time to fix the vulnerability before making any details public.
- Avoid exploiting the vulnerability in any way.
- Provide us with sufficient details to understand and resolve the issue effectively.
Thank you for helping us keep our project secure!