We welcome reports of security vulnerabilities in the code generated by Umple, in the UmpleOnline website, or in the compiler itself. We will endeavour to fix issues promptly, although as an open source project, the ability to deliver depends on the availability of volunteer contributors and/or donations from which we can pay people. The ability to deliver fixes also depends on the complexity of the problem.

Since Umple is continuously released, and code from earlier versions can be run on later versions, we will only support security issues in the latest official release and subsequent minor releases.

Report a Vulnerability by emailing the project manager at timothy.lethbridge@uottawa.ca Please provide a real return email address, so we can contact you for more information.