While in beta, only the most current minor version will be patched. For example, if the current version is v0.3.0 and a vulnerability is identified that affects all versions, only v0.3.x will be patched (e.g., v0.3.1 will be released). Versions v0.2.x and v0.1.x will not be patched.

The goal for GA releases is to maintain backward compatability for the v1.x major version.

Security is a core tenet of the Konfirm project, and we take all reported vulnerabilities very seriously. Please send vulnerability disclosures to dhenderson@teamraft.com. You should have a response within 25 days of submission.