566 B
566 B
Security Policy
Supported Versions
Due to resource limitations, only the latest stable minor release is getting bugfixes (including security ones).
So e.g. if the latest stable version is 3.1.4, then 3.1.x line will still get security fixes but older versions (like 3.0.x) won't get any fixes.
Description above is a general rule and may be altered on case by case basis.
Reporting a Vulnerability
You can report low severity vulnerabilities as GitHub issues.
More severe vulnerabilities should be reported to email extractus.security@skiff.com.