SECURITY.md

Ourrelease cycle for new features (minorsemver update)is roughly every four weeks (we will usually make a new release after each sprint review).

Upcoming major updates will come with a time window in which bothmajor versions (starting with v2.x.x)will receive security updates and bugfixes. The concrete support interval will probably be a couple of monthsand will be published when the next major version is released.

We currently plan to provide support for thelatest minorsemver release only.

We try to make bugfixes and high severity fixes available as patch release for the current minor releaseas early as possible.

If you are interested in extended support for older versions with security updates of our projectplease get in touch with the project team via Slack or emailsecureCodeBox@iteratec.com.

You have found a vulnerability in the project that shouldn't be disclosed as a public issue before it's fixed?Please report it using GitHub Security Advisories athttps://github.com/secureCodeBox/secureCodeBox/security/advisories.

If you are unable to use GitHub advisories, please email the project leaders at their OWASP email addresses that can be found underhttps://github.com/OWASP/www-project-securecodebox/blob/master/leaders.md.

You can expect a fast reaction within the next few days.We will keep you updated about the next steps and inform you if the vulnerability is accepted and when it's fixed or if it's declined somehow.