<!--
SPDX-FileCopyrightText: 2021 Paul Schaub <info@pgpainless.org>

SPDX-License-Identifier: Apache-2.0
-->


# Security Policy

## Supported Versions

Use this section to tell people about which versions of your project are
currently being supported with security updates.

| Version | Supported          | Note       |
|---------|--------------------|------------|
| 1.6.X   | :white_check_mark: | LTS branch |
| 1.5.X   | :white_check_mark: |            |
| 1.4.X   | :white_check_mark: |            |
| 1.3.X   | :white_check_mark: | LTS branch |
| < 1.3.X | :x:                |            |

## Reporting a Vulnerability

If you find a security relevant vulnerability inside PGPainless, please let me know!
[Here](https://keyoxide.org/7F9116FEA90A5983936C7CFAA027DB2F3E1E118A) you can find my OpenPGP key to email me confidentially.

Valid security issues will be fixed ASAP.

## Audits

### Cure53 - FLO-04
PGPainless has received a security audit by [cure53.de](https://cure53.de) in late 2021.
The [penetrationj test and audit](https://cure53.de/pentest-report_pgpainless.pdf) covered PGPainless
release candidate 1.0.0-rc6.
Security fixes for discovered flaws were deployed before the final 1.0.0 release.