We release patches for security vulnerabilities. Which versions are eligible for receiving such patches depends on the CVSS v3.0 Rating:
| Version | Supported |
|---|---|
| 1.5.x | ✅ |
| 1.4.x | ✅ |
| < 1.4.0 | ❌ |
Please do not report security vulnerabilities through public GitHub issues.
If you discover a security issue, please report it by sending an email to [email protected]
This will allow us to assess the risk and make a fix available before we add a bug report to the GitHub repository.
As a policy, we do not provide financial compensation for reporting security vulnerabilities. Our bug bounty program is designed to acknowledge the efforts of security researchers and community members who assist us in maintaining the highest standards of security without monetary rewards. We believe in fostering a cooperative environment where the security community can contribute to the safety and integrity of our software because they are committed to a safer internet.
Contributors who report security issues will be acknowledged in our public releases if they choose to be named. We appreciate the collaborative effort to secure our software and thank all individuals who report vulnerabilities responsibly.
Thanks!