The table below explains the current state of our versions. Currently, only version 3.5 and higher are supported and receive security updates. Versions lower than 3.5 are considered End of Life and will not receive any security updates.
| Version | Branch | Security Updates | End of Life |
|---|---|---|---|
| < 2.0 | master | ❌ | ✅ |
| >= 2.0, < 3.0 | develop | ❌ | ✅ |
| >= 3.0, < 3.5 | V3/develop | ❌ | ✅ |
| >= 3.5 | V3/develop | ✅ | ❌ |
For reporting vulnerabilities within Red-DiscordBot we make use of GitHub's private vulnerability reporting feature (More information can be found here). This ensures that all maintainers and key members have access to the reported vulnerability.
To open a vulnerability report please fill out this form
You will be asked to provide a summary, details and proof of concept for your vulnerability report. We ask that you fill out this form to the best of your ability, with as many details as possible. Furthermore, you'll be asked to provide affected products and severity. These fields are optional and will be filled appropriately by the maintainers if not provided.
We will try to answer your report within 7 days. If you haven't received an answer by then, we suggest you reach out to us privately. This can best be done via our Discord server, and contacting a member who has the Staff role.