Since this is a general file that will show up by default on my projects it's hard to give an absolute statement. In general only the most recent version is fully supported, but I may still take actions on older versions, if it seems appropriate.
The exception are archived repositories. If the repository is archived, it is safe to assume that I no longer maintain the project. If it is distributed via a platform like NPM where you can mark things as deprecated and I haven't, please still let me know.
To report a vulnerability, please use one of these confidential channels:
- By email to [email protected] (PGP key available, same as commit signature key, should also have WKD)
- On matrix at @freaktechnik:humanoids.be
I will assess the vulnerability and use best judgment to decide how much of a risk I think it is and will communicate that back to you. I won't guarantee that I'll let you know when the vulnerability is finally fixed if I decide to delay the fix, however I will give my best.
Thank you for being concerned about the security of one of my proejcts!