While Velox Server currently has no fixed development calendar, the current major release and the one immediately preceding it (excluding pre-releases) are officially supported and will receive security and bug fixes. Any earlier versions are considered end-of-life and will receive no further updates, so it is important to update to the latest major version whenever possible.
Any security vulnerabilities in Velox Server or any other Kitsune Technologies project should be reported by e-mailing admin@kitsunetech.com. In this e-mail, please provide the following:
- The name of the project affected by the vulnerability (Velox Server, Velox Client, etc.);
- A description of the vulnerability and possible method of exploitation;
- If known, the file, class, and/or function in which the vulnerability was found;
- and, optionally, any suggestions to remedy or mitigate the vulnerability.
Kitsune Technologies will use this information to triage the report, issue a security advisory if necessary, and develop a patch for the vulnerability in question.
Note: the above applies only to matters involving a risk of a security breach. Any matters concerning functionality that do not pose a security concern should instead be opened as issues on this repository.