Skip to content

Security: oidc-wp/openid-connect-generic

SECURITY.md

Security Policy

Supported Versions

We follow the WordPress Core style of versioning rather than traditional SemVer. This means that a move from version 3.9 to 4.0 is no different from a move from version 3.8 to 3.9. When a PATCH version is released it represents a bug fix, or non-code, only change.

The latest version released is the only version that will receive security updates, generally as a PATCH release unless a security issue requires a functionality change in which requires a minor/major version bump.

Reporting a Vulnerability

For security reasons, the following are acceptable options for reporting all security issues.

  1. Via Keybase secure message to timnolte or daggerhart.
  2. Send a DM via the WordPress Slack to tnolte.
  3. Via a private security advisory notice.

Please disclose responsibly and not via public GitHub Issues (which allows for exploiting issues in the wild before the patch is released).

There aren’t any published security advisories