The codebase is currently undergoing a refactor in a new language and a new framework. Only the code on the main branch will be supported with security updates. The old support cycle will resume with the release of v1.0.0.

If you find a vulnerability with Captain, contact the project maintainer(s) directly. Do not open a ticket. Upon successful verification and duplication of the vulnerability, a fix will be released as soon as possible. A public notice will be sent out within 30 days, after a fix is released if possible.

If you find a vulnerability with Proxmox, Ansible, or another tool used by Captain, please open an issue with the maintainers of that project, as there is little we can do on the Captain side to fix it.