This security policy applies to public projects under HDRUK organisation on GitHub.

Security and bug fixes are generally provided only for the last minor version. Fixes are released either as part of the next minor version or as an on-demand patch version.

Security fixes are given priority and might be enough to cause a new version to be released.

We encourage responsible disclosure of security vulnerabilities. If you find something suspicious, we encourage and appreciate your report!

Please do not report security vulnerabilities through public GitHub issues. Instead, for the reports to reach maintainers as soon as possible, the preferred way is to use our reporting portal here. This creates a private communication channel between the reporter and the maintainers.