If you believe you've found a security vulnerability in Revospring (a bug that allows something to happen that shouldn't be possible), you can reach us at support@revospring.net.

You should not report such issues on GitHub or in other public spaces to give us time to publish a fix for the issue without exposing Revospring's users to increased risk.

A "vulnerability in Revospring" is a vulnerability in the code distributed through our main source code repository on GitHub. Vulnerabilities that are specific to a given installation (e.g. misconfiguration) should be reported to the owner of that installation and not us.

As long as Revospring is in rapid development pace the currently supported version for security issues is always the latest tagged release.