The following table describes the versions of this project that are currently supported with security updates:
Responsible disclosure policy
At Sequelize, we prioritize security issues and will try to fix them as soon as they are disclosed.
If you discover a security vulnerability, please reach out to the project maintainers privately. You can find related information in CONTACT.md.
After validating & discussing scope of security vulnerability, we will set a time-frame for patch distribution. This time-frame may vary depending upon the nature of vulnerability.
Once affected versions are patched you may report security issue to any Node.js security vulnerability database. A few which we have worked with in past are listed below.