We release patches for security vulnerabilities. Which versions are eligible for receiving such patches depends on the CVSS v3.0 Rating:
| CVSS v3.0 | Supported Versions |
|---|---|
| 9.0-10.0 | Releases within the previous three months |
| 4.0-8.9 | Most recent release |
Please report suspected security vulnerabilities confidentially to our bug bounty program based on the bug bounty guidelines at hackerone. We ask that you refrain from opening GitHub issues pertaining to possible security issues.
For anything that is not security related, please consult our contribution guidelines.
The code has been audited by NCC.