Contains basic information for reporting security issues and which versions are currently supported under this policy.
| Version | Supported |
|---|---|
| > 3.0.0 | ✔️ |
| 3.0.0 | ✔️ |
| < 3.0.0 | End of life |
| < 2.0.0 | ❌ |
Note: Versions of SkinChanger below version 3.0 are no longer scheduled to recieve updates and are hence marked as "End of Life". If Security issues with V2 before V3 has launched they will be patched. Once version 3.0 is released, version 2.0 will no longer be supported here.
If a vulnerability with SkinChanger (for any version) is found, please do one of these (in order of preference):
- Send me an email security(at)boomy.wtf
- Create an issue - Don't do this for high severity security issues
Reported vulnerabilities will be worked on depending on their severity and spread. If a vulnerability isn't very high level and only effects a small portion of users, a patch may be brought out in a sequencial update. If a vulnerability is severe or targets a large quantity of users/operating systems it will likely recieve it's own update for the patch.
If a vulnerability is deemed insignificant it will not be working on
Most reported vulnerabilities will at some stage recieve a patch; only vulnerabilities outside the mods control will be rejected.