We release patches for security vulnerabilities in the following versions:

The Supermetrics team takes security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.

To report a security issue, please email us at security@supermetrics.com with the following information:

• Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting, etc.)
• Full paths of source file(s) related to the manifestation of the issue
• The location of the affected source code (tag/branch/commit or direct URL)
• Any special configuration required to reproduce the issue
• Step-by-step instructions to reproduce the issue
• Proof-of-concept or exploit code (if possible)
• Impact of the issue, including how an attacker might exploit it

After you've submitted a vulnerability report:

• You should receive an acknowledgment within 48 hours
• We will confirm the problem and determine the affected versions
• We will audit code to find any similar problems
• We will prepare fixes for all supported releases
• We will release the fixes as soon as possible

• Please give us reasonable time to respond to your report before making any information public
• We aim to address critical security issues within 24 days of disclosure
• We will coordinate the timing of public disclosure with you

If you have suggestions on how this process could be improved, please submit a pull request or open an issue to discuss.