| Version | Supported |
|---|---|
| 2.2.x | ✅ |
| < 2.2 | ❌ |
To report a vulnerability email :
security@idunno.org
I will try to acknowledge your email within 24 hours, but please keep in mind this is a "spare-time" project. After the initial reply to your report, the security I will endeavor to keep you informed of how a fix is progressing and when you can expect it to be delivered. I may ask for additional information on the bug.
Please reproduce your bug on the latest supported version published on nuget.org
When diagnosing a security bug the following steps are
- Confirm the problem and determine the affected versions.
- Audit code to find any potential similar problems.
- Prepare fixes for all releases still under maintenance. These fixes will be released as fast as possible to nuget.
I would prefer report remain confidential until a fix is released, or I decide it is not an issue, but I aknowledge that some have other feelings about disclosure policies.