Skip to content

Security: obiba/rock

SECURITY.md

Security Policy

Supported Versions

OBiBa follows semantic versioning recommendations.

We use various code scanning services to automatically detect any new vulnerabilities.

Due to limited maintenance resources, only the branch of the latest release is updated with patch fixes as soon as a vulnerability is discovered. If a vulnerability is design-related a minor version will be prepared instead.

Note that we provide limited free support to previous branches: we always make sure that new releases are backward compatible, then the recommendation is to always use the latest version. In case an upgrade to latest major/minor version is not possible, we can set up a commercial agreement to backport corrections to previous branches.

Reporting a Vulnerability

You can report a vulnerability by:

  • Using the Report a vulneralibity service of GitHub from the repository page, Security section.
  • By sending an email at [email protected].

There aren’t any published security advisories