The following table describes the versions of this project that are currently supported with security updates:

We consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present.

Please refrain from reporting security vulnerabilities through public GitHub issues, discussions, or pull requests.

If you discover a security vulnerability, report the security issue to the project maintainers directly at opensource@toss.im.

We acknowledge vulnerability reports within 7 days and provide a status update at least every 30 days until resolution.

When a vulnerability is confirmed, we coordinate disclosure after a fix is available, or within 90 days when practical.