| Version | Supported |
|---|---|
| 0.2.x | Yes |
| 0.1.x | No |
If you discover a security vulnerability, do not open a public issue. Email dev@symfinity.net with:
- Type of vulnerability
- Full paths of source file(s) related to the issue
- The location of the affected code (tag, branch, commit, or URL)
- Step-by-step reproduction instructions
- Proof-of-concept or exploit code (if possible)
- Impact and plausible attack scenario
We aim to acknowledge within 48 hours and provide a detailed response within 7 days.
When using this bundle:
- Keep Symfony and other dependencies updated
- Use HTTPS for font delivery in production
- Lock fonts locally in production (
php bin/console fonts:lock) - Review locked font manifests regularly
- Prefer privacy-friendly providers (Bunny Fonts, Fontsource, local fonts) when GDPR matters