We support the latest minor release of redmine_kalvad_slack running on a supported Redmine 6.x release.

Please do not file a public GitHub issue for security problems. Email security@kalvad.com with:

• A description of the vulnerability.
• Steps to reproduce or a proof-of-concept.
• The plugin version, Redmine version, Ruby version, and any relevant configuration.
• Your name and a contact address if you would like credit in the changelog.

We aim to acknowledge new reports within 3 working days. We will keep you informed about the progress of a fix and the disclosure timeline. We do not operate a paid bug bounty.

In scope:

• Code in this repository.
• Default configuration documented in the README.

Out of scope:

• Vulnerabilities in Redmine itself. Please report those to the Redmine project.
• Vulnerabilities in third-party plugins or gems.
• Issues that require an attacker to already control the Redmine administrator account.

Thank you for helping keep redmine_kalvad_slack and its users safe.