This is a quick description of how we deal with vulnerabilities, and what you can expect.
All version of the API are prone to hotfix or patch support. This is regardless of the environment it is running on.
However, we do not support extremely outdated software such as:
- Windows 7 SP1
- Linux kernels below 3.19.x
- MacOS versions below Sierra
To report a vulnerabilty, make an issue in the appropiate repository;
- Assign Deadly as the assignee.
- Apply the proper labels, and apply the vulnerability label to the issue
- Mention the assignee's somewhere in the issue.
The vulnerability will be fixed within 48 hours, and you'll be notified of it's status.
You do not publicly release any information about the vulnerability before it's fixed.