The current major version is supported. For example if the current version is 3.4.1:
| Version | Supported |
|---|---|
v3.4.1 |
✅ |
v3.4.x |
✅ |
v3.x.x |
✅ |
v2.0.0 |
❌ |
v1.0.0 |
❌ |
Please report (suspected) security vulnerabilities to opensource@jonaspammer.at, preferably with a proof of concept.
You may use the following template for your e-mail (text in underscores (_) is meant for guidance of filling out the form and can be removed):
## Severity
_One of Low, Moderate, High, Critical, or "Asses using Common Weakness Enumarator found in Reference"_
## CVE Identifier (https://cve.mitre.org/cve/search_cve_list.html)
None
## Description
## Reproduction
_Step-by-step instructions to reproduce the issue / Proof-of-concept / Any special configuration needed to reproduce / Exploit Code_
## Impact
_What kind of vulnerability is it (Injection, XSS, Overflow, ...)? Who is impacted?_
### Patches
_Has the problem been patched? What versions?_
### Workarounds
_Is there a way for the users to fix or remediate the vulnerability without upgrading?_
### References
_Are there any links the developer or users can visit to find out more?_
Non-vulnerability related security issues such as new great new ideas for security features are welcome on GitHub Issues.