Nothing is 100% secure and whilst we are taking numerous steps to ensure our code is robust and engineered properly, we welcome any security reports of vulnerabilities.
We release patches for security vulnerabilities. Which versions are eligible receiving such patches depend on the CVSS v3.0 Rating:
| CVSS v3.0 | Supported Versions |
|---|---|
| 9.0-10.0 | Releases within the previous three months |
| 4.0-8.9 | Most recent release |
Please report (suspected) security vulnerabilities via the issues functionality in this repo. You will receive a response from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible depending on complexity but historically within a few days.