The latest minor release of Spegel receives patch updates for critical security vulnerabilities on a best-effort basis.
For guaranteed SLAs on security fixes and patches across multiple releases, enterprise support is available through Kvick.
Please report security vulnerabilities through GitHub Security Advisories. All reports are handled with priority.
We aim to acknowledge reports within 7 days and release patches for critical vulnerabilities within 30 days.
We request that security researchers follow responsible disclosure practices and allow us a reasonable time of 90 days to address the vulnerability before public disclosure.
With your permission, we will acknowledge your contribution in the release notes of the patch version.