The following versions of open62541 are monitored for vulnerabilities and are part of our vulnerability handling and release process.
| Version | Community Support | Commercial Support Available |
|---|---|---|
| master | ✔️ | ✔️ |
| v1.4.x | ✔️ | ✔️ |
| v1.3.x | 🌗 | ✔️ |
| <= v1.2.x | 🌗 | ✔️ |
| <= v1.0.x | ❌ | 🌗 |
Security vulnerabilities can be disclosed privately to the mailing list open62541-security@googlegroups.com.
The disclosure triggers an evaluation of the vulnerability. Depending on the criticality, the follow-up comprises of the following steps:
- Responsible disclosure of the vulnerability to critical professional users (with an embargo period)
- Commit of the fix to the public repository
- Backporting of the fix to past release families
- Preparation of patch releases
- Public disclosure of the vulnerability
You can send us encrypted email with PGP using this public key:
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEZyvNHBYJKwYBBAHaRw8BAQdAVVciLHk9qEu38ZmqGfUuB9SD7lvw6Z8lTm6G
H2zqh4O0NG9wZW42MjU0MSBUZWFtIDxvcGVuNjI1NDEtc2VjdXJpdHlAZ29vZ2xl
Z3JvdXBzLmNvbT6ImQQTFgoAQRYhBMlp8zR7pjG9VoaVFK5VKNbXA7F8BQJnK80c
AhsDBQkFoxmUBQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJEK5VKNbXA7F8
vLcBAIC7/R5gZrqXm+js+tQrMgua/7Rr8h2CGC8GVogwLmYBAQDF9XzoZMBPQu5j
Vtudpc3lzQy4g8qzIvtwTaQe4KOhCLg4BGcrzRwSCisGAQQBl1UBBQEBB0Acmd51
rRZ3697if50xOUeu2tdHjOWMn+P3Ga5/2ZIGKwMBCAeIfgQYFgoAJhYhBMlp8zR7
pjG9VoaVFK5VKNbXA7F8BQJnK80cAhsMBQkFoxmUAAoJEK5VKNbXA7F8y4UA/RSe
NKKvTqtDayyNn6kRKLnuBAPlXTjvpMARcSMFe9APAQCdu22yS4KB3cGBHoXMSTwO
tfp1v8HATMXKB65FmujmBg==
=Juz6
-----END PGP PUBLIC KEY BLOCK-----