We release patches for security vulnerabilities for the following versions:

If you discover a security vulnerability within Frostpane, please send an email to Cameron Rye at c@meron.io. All security vulnerabilities will be promptly addressed.

Please include the following information in your report:

• Type of vulnerability
• Full paths of source file(s) related to the vulnerability
• Location of the affected source code (tag/branch/commit or direct URL)
• Any special configuration required to reproduce the issue
• Step-by-step instructions to reproduce the issue
• Proof-of-concept or exploit code (if possible)
• Impact of the issue, including how an attacker might exploit it

• You will receive a response within 48 hours acknowledging your report
• We will investigate and keep you informed of our progress
• Once the vulnerability is confirmed, we will work on a fix
• We will release a security advisory and credit you for the discovery (unless you prefer to remain anonymous)

• Please do not publicly disclose the vulnerability until we have had a chance to address it
• We aim to resolve critical vulnerabilities within 7 days
• We will coordinate with you on the disclosure timeline

Thank you for helping keep Frostpane and its users safe!