Please report security vulnerabilities privately so they can be fixed before becoming public. Do not open a regular public issue for security concerns.
You have two ways to report a vulnerability:
- Preferred: Use GitHub's private vulnerability reporting. This opens a confidential advisory thread with the maintainers directly on GitHub.
- Alternatively: Send an e-mail to polar@dataport.de.
Please include, if available, the following information in your report:
- Description of the issue
- The affected version(s)
- The impact of the issue, e.g. how the issue may be exploited
- Any configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
All client packages are supported in their current major version. By extension, core, plugin, and library packages are supported as they are used in the respective clients.