| Version | Supported |
|---|---|
| 0.1.x | Yes |
If you discover a security vulnerability, do not open a public issue. Email dev@symfinity.net with:
- Type of vulnerability
- Full paths of source file(s) related to the issue
- The location of the affected code (tag, branch, commit, or URL)
- Step-by-step reproduction instructions
- Proof-of-concept or exploit code (if possible)
- Impact and plausible attack scenario
We aim to acknowledge within 48 hours and provide a detailed response within 7 days.
UI Kernel generates theme CSS and exposes theme preference endpoints when enabled:
- Keep Symfony and dependencies updated
- Treat
user_tokensoverrides as trusted configuration — do not pass untrusted input into--ui-*keys - When using theme preference cookies or PATCH endpoints, apply the same CSRF and session policies as the rest of your app