
Security: ist-dresden/composum-nodes

Security

SECURITY.md

Security Policy

Supported Versions

If vulnerabilities are found in our project's code, we will check each reported security issue and fix it for the latest release of our software. For older versions we will assess the effort and will probably supply a fix as well. Normally we will supply a new bugfix release of the affected version of our software. Alternatively, we will fix a security issue in the current 'develop' branch and provide a new version of our software.

In general, we will accept each vulnerability caused by our published source code. Vulnerabilities detected in software that we reference as dependencies are accepted only if a fix for that software is available and you cannot upgrade the referenced software yourself or the functionality of our software is reduced after such an upgrade.

Reporting a Vulnerability

To report a vulnerability, add a new issue to our project on GitHub. If you believe that the issue you found should not be published at this time, send an e-mail to ist@ist-software.com or to the project's owner (r.wunsch@ist-software.com) to report it. Please tell us which version of the software you are using, together with a description of the vulnerability. You may also be able to provide a pull request to our project with a fix.

There aren’t any published security advisories