We release security fixes for the latest minor version. We encourage all users to stay on the latest release.
| Version | Supported |
|---|---|
| latest release | ✅ |
| older releases | ❌ |
Please do not report security vulnerabilities through public GitHub issues.
If you believe you have found a security vulnerability in any Sveltos repository, please report it responsibly by sending an email to:
Please include as much of the following information as possible to help us understand and resolve the issue quickly:
- A description of the vulnerability and its potential impact
- The affected component(s) and version(s)
- Step-by-step instructions to reproduce the issue
- Any proof-of-concept or exploit code (if applicable)
- Suggested remediation (if any)
- You will receive an acknowledgement within 2 business days
- We will investigate and keep you informed of our progress
- Once the issue is confirmed, we will work on a fix and coordinate a release
- We will publicly disclose the vulnerability after a fix is available, giving you credit unless you prefer to remain anonymous
This policy covers all projects under the projectsveltos GitHub organization.
- Vulnerabilities in dependencies (please report those to the upstream project)
- Issues in non-production branches or unreleased code
- Social engineering attacks
We appreciate responsible disclosure and the work of the security community in keeping Sveltos and its users safe.