Amplify is currently only used as a centrally hosted site, so the only supported version is the latest code in our main branch.

If you have found a security vulnerability in Amplify, please send an email to our team: [email protected]

Include all of the following details in your description of the vulnerability:

• Platform used. For example: Ubuntu 20.04.2 LTS (x86_64)
• Exact version of Amplify that you tested. For example: commit 94d053f0234da0f418a3a683b590169c92a9683d
• The source location of the bug and/or any other information that you are able to provide about what the cause of the bug is.
• Browser used, if relevant. For example: Google Chrome 97.0.4692.99 (Official Build) (arm64)
• Site/API URL, if relevant
• Explanation of how to exploit the vulnerability

To qualify as a security issue, the bug must be reproducible on the latest release of Amplify via a realistic attack vector.