Skip to content

Latest commit

 

History

History
28 lines (21 loc) · 1.38 KB

SECURITY.md

File metadata and controls

28 lines (21 loc) · 1.38 KB

Security Policy

Supported Versions

Currently we support versions 2.x.x of MQTTNIO. These will receive security updates as and when needed.

Reporting a Vulnerability

If you believe you have found a security vulnerability in MQTTNIO please do not post this in a public forum, do not create a GitHub Issue. Instead you should email [email protected] with details of the issue.

What happens next?

  • A member of the team will acknowledge receipt of the report within 5 working days. This may include a request for additional information about reproducing the vulnerability.
  • We will privately inform the Swift Server Work Group (SSWG) of the vulnerability within 10 days of the report as per their security guidelines.
  • Once we have identified a fix we may ask you to validate it. We aim to do this within 30 days, but this may not always be possible.
  • We will decide on a planned release date and let you know when it is.
  • Once the fix has been released we will publish a security advisory on GitHub and the SSWG will announce the vulnerability on the Swift forums.