Only the latest version of the library is supported.
We highly welcome vulnerabilities reported through either:
- Github, in the "Security" tab, using the "Report a vulnerability" button.
- Email, security@dfns.co
After receiving the report, it will take us up to 2 working days to respond. We will evaluate the reported vulnerability, determine whether it needs to be addressed, and (if so) and provide an estimated timeline for addressing it.
After vulnerability was fixed and the new version of CGGMP21 protocol was properly tested, we publishe the fix, and publicly disclose the vulnerability (credits for finding the issue go to the reporter).