We fix security issues as soon as they are found, and release firmware updates. Each such release is accompanied by release notes, see https://github.com/solokeys/solo/releases.
The latest version can be determined using the file https://github.com/solokeys/solo/blob/master/STABLE_VERSION.
To update your key:
- either visit https://update.solokeys.com, or
- use our commandline tool https://github.com/solokeys/solo1-cli:
solo1 key update
To report vulnerabilities you have found:
- preferably contact @conor1, @0x0ece or @nickray via Keybase, or
- send us e-mail using OpenPGP to security@solokeys.com.
https://keys.openpgp.org/vks/v1/by-fingerprint/BFA3F5387D025E8945CF907FC2F2505A63868DFA
We do not currently run a paid bug bounty program, but are happy to provide you with a bunch of Solo keys in recognition of your findings.
Join our release notification mailing list to be informed about each release: