| Version | Supported |
|---|---|
| 0.1.x | Yes |
If you discover a security vulnerability, do not open a public issue. Email dev@symfinity.net with:
- Type of vulnerability
- Full paths of source file(s) related to the issue
- The location of the affected code (tag, branch, commit, or URL)
- Step-by-step reproduction instructions
- Proof-of-concept or exploit code (if possible)
- Impact and plausible attack scenario
We aim to acknowledge within 48 hours and provide a detailed response within 7 days.
When using this bundle:
- Keep Symfony,
symfinity/ui-kernel, and other dependencies updated - Treat catalog routes (
/ux-blocks-core/catalog) as dev or internal tooling — do not expose without authentication in production - When using
SchemeSwitchwith the optional theme PATCH endpoint, apply the same CSRF and session policies as the rest of your app