Security Policy
Supported Versions
Our release cycle for new features (minor semver update) is roughly every two weeks (we will usually make a new release after each review).
| Version | Security Fixes* | Supported** |
|---|---|---|
| 4.x.x | ✅ | ✅ |
| 3.15.x | ✅ | ✅ |
| <= 2.9.x | ❌ | ❌ |
| < 2.0 | ❌ | ❌ |
Major Release (Semver)
Upcoming major updates will come with a time window in which both major versions (starting with v2.x.x) will receive security updates and bugfixes. The concrete support intervall will be probably a couple of months and will be published when the next major version will be released.
Minor Release/Feature Releases (Semver)
We currently plan to provide support for the latest minor semver release only.
Patch Release/Bugfix/Security Fix
We try to make bugfixes and high severity fixes available as patch release for the current minor release as early as possible.
Extended (Enterprise) Support
If you are interested in extended support for older versions with security updates of our project please get in touch with the project team via Slack or email secureCodeBox@iteratec.com.
Reporting a Vulnerability
You have found a vulnerability in the project that shouldn't be disclosed as public issue before it's fixed? Please get in touch with the project team via Slack or email secureCodeBox@iteratec.com.
You can expect a fast reaction within the next days. We will keep you updated about the next steps and inform you if the vulnerability is accepted and when its fixed or if its ordeclined somehow.