Security
Supported Versions
Security updates are only released for the current version.
Old releases are not maintained and do not receive updates.
The project is currently under development, and - until stated otherwise - it is not considered ready for production yet. That said, we encourage you to reach out to us if you have any questions or concerns via the channels mentioned below. We are committed to making Initium a secure and reliable solution for your needs.
Reporting a Vulnerability
Initium practices responsible disclosure.
We request that you contact us directly to report serious issues that might impact the security of users using Initium.
If you contact us regarding a serious issue:
- We will endeavor to get back to you within 72 hours.
- We will aim to publish a fix within 30 days.
- We will disclose the issue (and credit you, with your consent) once a fix to resolve the issue has been released.
- If 90 days have elapsed and we still don't have a fix, we will disclose the issue publicly.
The best way to report an issue is by contacting us via email at luca@nearform.com or raise a public issue requesting someone to get in touch with you via whatever means you prefer for more details. (Please do not disclose sensitive details publicly at this stage)
For less serious issues (e.g. RFC compliance for unsupported flows or potential issues that may cause a problem in the future), it is appropriate to make these public as bug reports or feature requests, or to raise a question to open a discussion around them.