If you believe you have found a security vulnerability, please report it privately and do not disclose it publicly until it has been reviewed.
- Do not open a public issue, pull request, or discussion for security reports.
- Share a clear description of the issue and why it matters.
- Include steps to reproduce (or a minimal proof of concept) when possible.
- Note the affected version(s), configuration, and environment details.
- Attach relevant logs or error output if available.
- We will review reports as soon as possible.
- If the report is confirmed, we will work on a fix and plan a release.
- We may ask for additional details to reproduce or validate the impact.
- Please allow time for a coordinated fix before sharing details publicly.
Security fixes are provided for currently supported versions. If you are using an older version, you may be asked to upgrade to a supported release to receive a fix.
| Version | Supported |
|---|---|
| Pharo 14-dev | ✅ Yes |
| Pharo 13 | ✅ Yes |
Thank you for helping keep the project and its users safe.