We support fixing security issues on the following releases:
| Version | Supported | Security fixes until |
|---|---|---|
| 3.x.x | ✅ | 3 Months after the release of 4.0.0 |
| 2.x.x | ❌ | No longer supported |
| 1.x.x | ❌ | No longer supported |
If you’ve found a security issue in ModernPDO, please use the following procedure instead of the normal bug reporting system. Send a message to the owner in telegram.
For each report, we try to first confirm the vulnerability. Once confirmed, the ModernPDO team will take the following actions:
- Acknowledge to the reporter that we’ve received the issue, and are working on a fix. We ask that the reporter keep the issue confidential until we announce it.
- Get a fix/patch prepared.
- Prepare a post describing the vulnerability, and the possible exploits.
- Release new versions of all affected versions.
- Prominently feature the problem in the release announcement