To receive fixes for security vulnerabilities it is required to always upgrade to the latest version of OpenRemote.
Fixes will only be released for previous releases under special circumstances.
To report a security vulnerability:
You can report a security vulnerability either through email, or as a GitHub issue. If you are uncertain what you have discovered is a vulnerability or you believe it is a critical issue please report using email (or both).
To report through email send an email to developers@openremote.io
To report through a GitHub issue go to https://github.com/openremote/openremote/issues
If you have a patch for the issue please use git format-patch
and attach to the email or issue. Please do not open a
pull request on GitHub as that may disclose sensitive details around the vulnerability.