Security fixes are applied to the latest release only. Older versions do not receive backported security patches.
| Version | Supported |
|---|---|
| latest | ✅ |
| older | ❌ |
Please do not report security vulnerabilities through public GitHub issues.
If you discover a security vulnerability, please report it privately so that it can be assessed and fixed before public disclosure. You can report a vulnerability through GitHub's private vulnerability reporting:
https://github.com/cubic-vm/cubic/security/advisories/new
Please include as much of the following information as possible to help us understand and reproduce the issue:
- A description of the vulnerability and its potential impact
- The affected version(s)
- Step-by-step instructions to reproduce the issue
- Any relevant logs, screenshots, or proof-of-concept code
- We will acknowledge receipt of your report.
- We will investigate and keep you informed of our progress.
- Once a fix is ready, we will coordinate a release and public disclosure with you.
We appreciate your effort in responsibly disclosing security issues and helping to keep Cubic safe for everyone.