The following versions of PipraPay currently receive security updates and patches.
| Version | Supported |
|---|---|
| Latest Stable Release | ✅ |
| Previous Stable Release | ✅ |
| Older Releases | ❌ |
| Development / Beta Versions |
We strongly recommend running the latest stable release to receive security fixes and improvements.
The PipraPay team takes security seriously and appreciates responsible disclosure of vulnerabilities.
If you discover a security vulnerability, please do not create a public GitHub issue.
Instead, report it privately by:
- Email: security@piprapay.com
- Website: https://piprapay.com
Please include:
- A detailed description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Screenshots, logs, or proof-of-concept code (if applicable)
- Your contact information for follow-up questions
After receiving a report:
- We will acknowledge receipt of the report within 72 hours.
- We will investigate and validate the issue.
- We may contact you for additional information.
- Security fixes will be developed and released as quickly as possible.
- Once resolved, we may publicly acknowledge your contribution unless you prefer to remain anonymous.
Please give us reasonable time to investigate and resolve reported vulnerabilities before publicly disclosing them.
We ask that researchers:
- Avoid accessing, modifying, or deleting user data.
- Avoid actions that could negatively affect users or system availability.
- Report vulnerabilities responsibly and in good faith.
This policy applies to:
- PipraPay Core
- Official PipraPay Plugins
- Official PipraPay Mobile Applications
- Official PipraPay APIs and Services
Third-party plugins, integrations, or modified distributions may have separate security policies and are not covered by this policy.
Thank you for helping keep the PipraPay ecosystem secure.