Keeping data safe and secure is a huge responsibility and a top priority. Your input and feedback on our security is always appreciated.
We try to support the last major version plus the current. Therefore if we are on version 5.0, we will also support version 4.0 until we move to version 6.0. However, in the case of a vulnerability spanning more versions we will try to fix this as long as no breaking changes occur.
To report a vulnerability please email [email protected] with as much information as possible. A review will take place and you will receive an acknowledgement as soon as possible, usually within 72 hours.
The email subject should contain the repository, and a useful overview. Such as: [Project] Ability to access admin area using SQL injection.
At this time no monetary rewards will be given, however you will be added as a contributor to the aforementioned fix commit.