We support the latest release and the current development branch with security updates. We use semantic versioning (MAJOR.MINOR.PATCH).

| Version | Supported |
|---|---|
| Latest release (e.g. 0.2.x) | ✅ |
| Older releases | ❌ |

When a vulnerability is fixed, we release a new patch version. Version 0.2.1 addresses the CodeQL finding "Clear-text logging of sensitive information": credentials and connection details no longer appear in log or notification messages. Please upgrade to the latest release to receive security fixes.

Do not open a public issue for security vulnerabilities.
- Preferred: Use GitHub Security Advisories (click "Report a vulnerability") so the report is private.
- Alternatively: Email the maintainer (see profile at github.com/hrodrig) with a clear description, steps to reproduce, and impact.

What to expect:
- We will acknowledge your report as soon as possible.
- We will work on a fix and keep you updated. For critical issues we aim to release a patch promptly.
- If the report is accepted, we will credit you in the advisory or release notes (unless you prefer to stay anonymous).
- If the report is declined, we will explain why.

Thank you for helping keep pgwd and its users safe.