Security is always the 1st priority when developing software, thats why our compromise with your security is on top of anything. Feel free to report any vulnerabilities you may encounter with our software, and we will do our best to solve them.
We like our users to be secure, but we cannot keep updated every version of the project because of logistics. Support is given accordingly to the CVSS 3.0 security ratings. Here is a chart:
| CVSS 3.0 Rating | Supported Versions |
|---|---|
| Critical | Releases within previous 3 months |
| High/Medium | Releases within previous month |
| Low | Latest release only |
To report a (suspected) vulnerability, go to create issue and select the Report a security vulnerability template. A contributor will be with you within 48 hours and if the issue is confirmed we will release a patch ASAP. The time to patch any vulnerability will always depend on how complex is the issue and if there are any other vulnerabilities reported of higher level, but usually a patch will be released in less than a week.