This project takes security vulnerabilities in SAPL seriously. We appreciate your efforts to responsibly disclose your findings and will ensure to acknowledge your contributions.

We do not support old versions, all bug/feature/security updates will be released in the next planned release.

Please do not report security vulnerabilities through public issues.

Instead, please use the advisory feature to report security vulnerabilities. This enables us to triage and resolve critical vulnerabilities before disclosing them to the public.

If you're unable to use this feature you can send a mail to [email protected].

We strive to acknowledge each report in less than 5 business days. The time it takes to resolve a report depends on the specifics of the vulnerability.