The following versions of viz are being supported with security updates.
| Version | Supported |
|---|---|
| 5.x.x | ✅ |
| < 5.0 | ❌ |
The TWA team and community take security bugs in The World Avatar seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
Process Please do not open GitHub issues or pull requests to address security vulnerabilities - this will make the problem immediately visible to everyone, including malicious actors.
To report a security vulnerability, email support@cmcl.io
To help us triage and action your report quickly, please include the following in your report:
Product Name Description of the vulnerability Impact of vulnerability Steps to reproduce The TWA team will send a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.
Security bugs in third-party modules Please report security bugs in third-party modules to the person or team maintaining the module.