| Version | Supported | Supported Until |
|---|---|---|
| >= 5.x.x | ✅ | Next major version + 6 months |
| >= 4.x.x | ✅ | 2026-01-18 |
| >= 3.0.0 | ❌ | 2022-06-01 |
| <= 3.0.0 | ❌ | N/A |
To report a security vulnerability, please follow these steps:
- For non-critical issues:
Open a new issue and select
the "Bug Report" template. Add the
securitylabel to your issue. - For critical vulnerabilities: Please report them by tagging the core maintainers directly (see the Contacts section below).
Security issues are a priority, and we aim to resolve them within 48 hours. If we cannot resolve a security vulnerability in the wrapper itself, we will raise the issue upstream with relevant parties such as 3rd party package maintainers where possible.
We regularly update our dependencies to patch security vulnerabilities. We use Dependabot to automate this process, which creates pull requests for security updates monthly.
For critical security issues, please tag:
- James Robb (@jamesrweb)
- Eugene Dyko (@yevdyko)
When we receive a security bug report, we will:
- Confirm the vulnerability and determine its impact
- Develop a fix and release it according to severity
- Publish a security advisory if necessary
We appreciate your help in keeping @p5-wrapper/react secure!