First things first: Do NOT report security vulnerabilities in public issues!
Please disclose responsibly by sending a mail at security@workadventu.re (you can also ping us in the GitHub issues, but please, no details in the issues!)
We will assess the issue as soon as possible on a best-effort basis and will give you an estimate for when we have a fix and release available for an eventual public disclosure.
We do not have a bug bounty program.
We only apply security patches on the latest tagged release and on the master
and develop
branches
Unless specified otherwise, do not expect us to fix security issues on past releases. We are only maintaining one release: the latest one, which is online at https://play.workadventu.re.