Only the most recent release of CmdBox receives security fixes. If you are using an older version, please update before reporting.
| Version | Supported |
|---|---|
| Latest | Yes |
| Older | No |
Please do not report security vulnerabilities through public GitHub issues.
If you discover a security vulnerability, please report it privately by using GitHub's private vulnerability reporting feature. This ensures the issue can be reviewed and addressed before any public disclosure.
When submitting a report, please include:
- A clear description of the vulnerability
- The version of CmdBox affected
- Steps to reproduce the issue
- The potential impact or attack scenario
- Any suggested fixes, if you have them

After you submit a report:
- You will receive an acknowledgment within 5 business days
- We will investigate and keep you informed of progress
- We will notify you when the vulnerability has been resolved
- We will credit you in the release notes if you wish
We appreciate responsible disclosure and are grateful to anyone who takes the time to report security issues in good faith.