These project versions are currently being supported with security updates:
| Version | Supported |
|---|---|
| 4.0.x | ✅ |
| < 4.0 | ❌ |
Thank you for reporting a security related issue using a private channel instead of opening a public issue!
The security team (i.e. me) will try to acknowledge and respond as quick as possible.
To report a security issue, please email
security(at)wwwendt.de
and, to your best knowledge, please
- Include your name and affiliation (if any).
- Include the scope of the vulnerability. Let us know who could use this exploit.
- Mention the affected versions.
- Document steps to identify the vulnerability. It is important that we can reproduce your findings.
- Describe how to exploit vulnerability, give us an attack scenario.
- If known, describe mitigations for the issue.
This project follows a 90 day disclosure timeline.
(See also Vulnerability Disclosure Cheat Sheet.)