Skip to content

Security: platformio/platformio-core

Security

SECURITY.md

Security Policy

Supported Versions

We are committed to ensuring the security and protection of PlatformIO Core. To this end, we support only the following versions:

Version Supported
6.1.x
< 6.1

Unsupported versions of the PlatformIO Core may have known vulnerabilities or security issues that could compromise the security of our organization's systems and data. Therefore, it is important that all developers use only supported versions of the PlatformIO Core.

Reporting a Vulnerability

We take the security of our systems and data very seriously. We encourage responsible disclosure of any vulnerabilities or security issues that you may find in our systems or applications. If you believe you have discovered a vulnerability, please report it to us immediately.

To report a vulnerability, please send an email to our security team at [email protected]. Please include as much information as possible, including:

  • A description of the vulnerability and how it can be exploited
  • Steps to reproduce the vulnerability
  • Any additional information that can help us understand and reproduce the vulnerability

Once we receive your report, our security team will acknowledge receipt within 24 hours and will work to validate the reported vulnerability. We will provide periodic updates on the progress of the vulnerability assessment, and will notify you once a fix has been deployed.

If the vulnerability is accepted, we will work to remediate the issue as quickly as possible. We may also provide credit or recognition to the individual who reported the vulnerability, at our discretion.

If the vulnerability is declined, we will provide a justification for our decision and may offer guidance on how to improve the report or how to test the system more effectively.

Please note that we will not take any legal action against individuals who report vulnerabilities in good faith and in accordance with this policy.

Thank you for helping us keep our systems and data secure.

There aren’t any published security advisories