Acquire is under active development and is not ready for production use. As such, we do not yet provide backporting of security fixes and will either apply a security patch to the latest released version, or will issue a new released version as needed.

We do really appreciate any reporting of security problems. As Acquire is not yet a production service please feel free to report security issues in an open manner and we will respond as a matter of priority. We particularly welcome people providing proof-of-concept attacks, opening issues to discuss design choices or possible attack vectors, and pull requests for bug and security fixes.

If you wish to submit a security issue publicly, please do so via the "issues" in this repo, and expect a response as quickly as we can (likely within a day or two). If you want to submit a private security issue, then please email chryswoods@gmail.com. Again, expect a response within a few days, from which we will open a discussion.