The following versions of Go.Data are currently being supported with security updates.
| Version | Supported | Released |
|---|---|---|
| 47.0 | ✅ | 22 June 2023 |
| 46.0 | ❌ | 04 May 2023 |
| 45.0 | ❌ | 23 February 2023 |
| 44.0 | ❌ | 21 September 2022 |
If you find a vulnerability or a security issue, please contact godata@who.int. In the email, please include the following information:
- Your name and affiliation (we will only use this information to follow up on the issue in case we need more details)
- A description of the technical details of the vulnerabilities or security issues
- An example of how the issue manifests
- An explanation of who can exploit the vulnerability and what they gain by doing so (an attack scenario)
- Whether the vulnerability is public or known to third parties
The maintainers will endeavour to keep the reporter updated on progress being made toward a fix. Disclosures could include:
- Confirming the issue and determining its severity
- Implementations that use Go.Data and require mitigation before publication of the issue will be notified
- Preparation (but not publication) of the details of the problem
- Vulnerability fix and identified workarounds
- Security advisory published for all fixed vulnerabilities