Security fixes are provided for the latest release series only.
Do not open public issues for security vulnerabilities.
Please report security vulnerabilities privately to Jordi Mas jmas@softcatala.org.
To help us triage effectively, please include:
- Severity assessment: Critical / High / Medium / Low, with a short justification.
- Impact: what an attacker can achieve (RCE, information disclosure, DoS, etc.).
- Reproduction steps with enough detail for maintainers to understand and validate the issue.
- We aim to acknowledge new reports within 2 weeks of submission.
- We aim to provide a fix or mitigation within 90 days of acknowledgement.