Skip to content

Latest commit

 

History

History
35 lines (28 loc) · 1.67 KB

SECURITY.md

File metadata and controls

35 lines (28 loc) · 1.67 KB

Security Policy

Supported Versions

We support fixing security issues on the following releases:

Version Supported Security fixes until
14.2.1 12 Months after the release (24 May 2025)
14.1.1 12 Months after the release (08 May 2025)
14.0.1 12 Months after the release (11 Mar 2025)
13.0.1 12 Months after the release (11 Mar 2025)
12.0.0 12 Months after the release (06 Nov 2024)
11.3.5 12 Months after the release (11 Mar 2025)
11.2.6 12 Months after the release (23 Nov 2024)
11.1.1 No longer supported
9.3.1 No longer supported
9.2.1 No longer supported
8.5.2 No longer supported

Reporting a Vulnerability

If you’ve found a security issue in CakeDC Users plugin, please use the following procedure instead of the normal bug reporting system. Instead of using the bug tracker please send an email to security [at] cakedc.com.

For each report, we try to first confirm the vulnerability. Once confirmed, the CakeDC team will take the following actions:

  • Acknowledge to the reporter that we’ve received the issue, and are working on a fix. We ask that the reporter keep the issue confidential until we announce it.
  • Get a fix/patch prepared.
  • Prepare a post describing the vulnerability, and the possible exploits.
  • Release new versions of all affected versions.
  • Prominently feature the problem in the release announcement