OBiBa follows semantic versioning recommendations.

We use various code scanning services to automatically detect any new vulnerabilities.

Due to limited maintenance resources, only the branch of the latest release is updated with patch fixes as soon as a vulnerability is discovered. If a vulnerability is design-related a minor version will be prepared instead.

Note that we provide limited free support to previous branches: we always make sure that new releases are backward compatible, then the recommendation is to always use the latest version. In case an upgrade to latest major/minor version is not possible, we can set up a commercial agreement to backport corrections to previous branches.

You can report a vulnerability by:

• Using the Report a vulneralibity service of GitHub from the repository page, Security section.
• By sending an email at [email protected].