Security updates are provided only for the following versions of sigauth core:
| Version | Supported |
|---|---|
| 1.x | ✅ Yes |
| < 1.0 | ❌ No |

Unmaintained versions do not receive security fixes. Upgrade is mandatory.

If you discover a security vulnerability, report it privately.
- 📧 Contact: info@sigasoft.de
- 🔐 Do not open public issues or discussions.
- 🧪 Include a minimal reproducible example or PoC if possible.

After a report is received:

- Initial response within 72 hours
- Status updates at least every 7 days
- If accepted, a fix will be developed and released promptly
- If declined, a technical justification will be provided

We follow responsible disclosure. Public disclosure before a fix is released is discouraged.

This policy applies only to:
- sigauth core
- sigauth integrations
- Official releases and maintained branches

Third-party integrations are out of scope.

Valid reports may be acknowledged in release notes unless anonymity is requested.