| Version | Supported |
|---|---|
Latest release on main branch |
Yes |
| Older releases | No |
Only the latest release on the main branch receives security updates. We strongly recommend running the most recent version at all times.
Please do NOT open a public GitHub issue for security vulnerabilities.
If you discover a security vulnerability in Vacademy, report it privately by emailing:
To help us investigate and resolve the issue quickly, please provide:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Affected component(s) (e.g., backend API, admin dashboard, learner app)
- The potential impact or severity in your assessment
- Any suggested fix or mitigation, if applicable
- Your name or handle for credit in the advisory (optional)
- Acknowledgment: Within 48 hours of receiving your report
- Assessment: Within 7 days we will provide an initial assessment, including severity classification and an estimated timeline for a fix
We will keep you informed of our progress and notify you when the issue has been resolved.
We ask that you:
- Allow us reasonable time to investigate and address the vulnerability before making any public disclosure.
- Do not exploit the vulnerability beyond what is necessary to demonstrate the issue.
- Do not access, modify, or delete data belonging to other users.
- Act in good faith to avoid disruption to our services and users.
In return, we commit to:
- Treating your report with confidentiality and professionalism
- Not pursuing legal action against researchers who follow this policy
- Crediting you in the security advisory (unless you prefer to remain anonymous)
- Working with you to understand and resolve the issue promptly
Thank you for helping keep Vacademy and its users safe.