| Version | Supported |
|---|---|
| latest release | Yes |
| older releases | No |
Only the latest release receives security updates.
Do not open a public issue.
- Preferred: use GitHub Private Vulnerability Reporting.
- Fallback: email m2papierz@gmail.com with subject
[Pirx Security].
Include:
- Description of the vulnerability and its impact
- Reproduction steps or proof of concept
- Affected version(s) and component(s)
| Step | Target |
|---|---|
| Acknowledgement | 48 hours |
| Triage and severity assessment | 5 business days |
| Fix | Dependent on severity |
| Public disclosure | After fix is released |
We follow coordinated disclosure. We ask reporters to keep findings confidential until a fix is released. We credit reporters in the release notes unless anonymity is requested.
We consider security research conducted in good faith to be authorized and will not pursue legal action against researchers who:
- Make a good-faith effort to avoid privacy violations, data destruction, and service disruption
- Do not exploit a vulnerability beyond the minimum necessary to demonstrate it
- Report the vulnerability through the channels described above before any public disclosure