At this time we are supporting versions 2.0.0 and up. The legacy versions 0.5.x and 1.0.x are no longer supported since version 2.0.0+ is an entirely new codebase.
| Version | Supported |
|---|---|
| 2.0.x | ✅ |
| < 2.0.0 | ❌ |
To securely report a vulnerability for the Payload project, please email me: me@jonahseguin.com with the topic "Payload Security"
If you wish to do this via GitHub issues feel free, but it may expose the vulnerability to attackers long enough to allow for servers currently using vulnerabile versions of Payload to be negatively impacted.
So we request that you please use email.
We plan for Payload to have it's own security system in the future.