The following versions of Smashing are currently being supported with security updates.

Please, avoid reporting security issues in GitHub issues, as they are public. Get in touch via our chat room, letting the developers know that there is a security issue in Smashing.

Do not share the vulnerability in the chat, as that is public too. One of the developers will start a private chat with you. Or if you prefer to reach via e-mail, you can e-mail brunodepaulak (GMail).

If the vulnerability is accepted, one of the developers will work on the fix and reserve a CVE issue. You can provide your name when reporting the issue so that we can use it in the CVE issue for the “reporter” field.

Once the issue has been fixed in a branch, the developer will share the solution with you to confirm you agree the issue has been fixed. Finally, a new release will be prepared, and announced with the CVE to the community.

If the issue is declined, then we may either document the risk, or leave an issue open.

Thank you for your contributions and cooperation.