We generally aim to actively support the latest minor version until we release the next one (e.g. we will release patches for 0.5.x until we release 0.6.0). However, note that this project is currently still in an early stage (marked by the 0.x.z version number) meaning that the time between such updates may be relatively short.

If the vulnerability or security issue can be shared openly without directly compromising the security of a user or of the participant data they may be collecting with the app, we would encourage you to report this via the public GitHub Issues.

However, if there is any direct risk to a user or participant data which would arise as a direct consequence of publicly sharing the vulnerability, please report this as a private GitHub Security Advisory. We will aim to at least acknowledge such advisories within one week. If you do not receive a reply in that time please feel free to contact the project maintainers at f.breit@bangor.ac.uk and m.tamburelli@bangor.ac.uk, ideally with a link / reference number to the advisory on GitHub.