EzSeasons follows a latest-stable support policy:
| Version | Supported |
|---|---|
| 2.x (latest patch release) | ✅ Yes |
| 2.x (older patch releases) | |
| 1.x | ❌ No |
| < 1.0.0 | ❌ No |
Please upgrade to the newest 2.x release before reporting a vulnerability when possible.
Please do not report security vulnerabilities in public GitHub issues or discussions.
Report vulnerabilities privately by email:
Include the following information to help us triage quickly:
- A clear description of the vulnerability
- Affected EzSeasons version(s)
- Steps to reproduce or proof of concept
- Impact assessment (what an attacker could do)
- Any suggested fix or mitigation (optional)
After a private report is received, maintainers aim to follow these service levels:
- Acknowledgement: within 72 hours
- Initial triage/update: within 7 calendar days
- Remediation communication: status updates at least every 14 calendar days until resolution
If a fix is available, maintainers will coordinate disclosure timing and release notes with the reporter whenever practical.