
Security: UPS-API/UPS-SDKs


SECURITY.md

Security Policy for OAuth SDK

Supported Versions

  • Version 1.0 (latest stable release)

Note: Only the most recent stable release of the SDK package is guaranteed to have security patches applied. Running older stable versions may leave you vulnerable to security risks; always run the latest version, or avoid exposing your instance to the public Internet to minimize risk. Further, please always understand that providing a person Administrator access to your SDK package is a risk, as Administrators can perform many destructive or damaging actions, regardless of any potential security issues.

If you're using an older version, consider upgrading to one of the supported versions to receive security patches.

Security

UPS takes the security of its SDK packages seriously, which includes all source code repositories managed through our GitHub organizations.

If you believe you have found a security vulnerability in the repository, please report it to us as described below.

When providing a report, please ensure that you:

  1. Begin your email subject with [UPS SDK Security]. This is to ensure that emails with this tag are not missed.

  2. Start with an "overview" section, written for public view, that describes at a high level what is affected, and the possible consequences.

  3. Continue with a "details" section outlining the code or any specific investigation being done and, if possible, any suggested fixes. Please provide as much context and detail as you can, including, ideally, a process for reliably triggering the vulnerability so we may test fixes with it.

Reporting a Vulnerability

If you discover a security vulnerability, please report it by sending an email to our support team directly at [email protected]. We appreciate your help in making our project more secure!

Thank you for using OAuth SDK!

Preferred Languages

We prefer to communicate in English.

There aren’t any published security advisories