The following table shows which versions of this project are provided with security updates:
| Version | Status |
|---|---|
| 3.0.x | ✅ Active |
| 2.4.x | ✅ EOL |
| < 2.4 | ❌ EOS |
- Active: are actively under development and will receive any updates
- EOL: End of Life, will only receive bug and security fixes
- EOS: End of Support, are closed and will no longer receive any updates
Please report security issues privately and do not open a public issue. To do so, please use the appropriate function on GitHub:
https://github.com/ChrissW-R1/general-parent/security/advisories
Include as much of the following as possible:
- Affected module(s) and versions/branches
- Steps to reproduce / proof of concept
- Impact assessment
- Any suggested fix or mitigation
We aim to:
- acknowledge within 2 business days
- provide an initial assessment within 7 business days
- publish a fix as soon as reasonably possible, depending on severity and complexity
We follow coordinated vulnerability disclosure. Please allow a reasonable time window for investigation and remediation before public disclosure.
We support the responsible publication of vulnerability even beyond the actual remediation. This may include - especially in the context of open-source projects - technical exchanges and the provision of background information for conferences, publications or presentations, provided that these serve to improve security. We expressly welcome prior consultation in this regard.