Currently we support versions 2.x.x of MQTTNIO. These will receive security updates as and when needed.

If you believe you have found a security vulnerability in MQTTNIO please do not post this in a public forum, do not create a GitHub Issue. Instead you should email security@soto.codes with details of the issue.

• A member of the team will acknowledge receipt of the report within 5 working days. This may include a request for additional information about reproducing the vulnerability.
• We will privately inform the Swift Server Work Group (SSWG) of the vulnerability within 10 days of the report as per their security guidelines.
• Once we have identified a fix we may ask you to validate it. We aim to do this within 30 days, but this may not always be possible.
• We will decide on a planned release date and let you know when it is.
• Once the fix has been released we will publish a security advisory on GitHub and the SSWG will announce the vulnerability on the Swift forums.