If you believe you’ve identified a security vulnerability in Vernissage Server (for example, a flaw that could allow unauthorized access to data, bypass security checks, or perform actions that should not be possible), you can either:

• open a GitHub security issue on the Vernissage Server project
• reach us at [email protected]

A security issue is a problem in the software that could be exploited to harm users, compromise their privacy, or affect the integrity of the system.

You should not report such issues on public GitHub issues or in other public spaces. This gives us time to investigate and release a fix before the details become widely known, reducing the risk to Vernissage’s users.

A "vulnerability in Vernissage" refers to a flaw in the code provided through our official GitHub source code repository. Issues that arise from a specific deployment or configuration (for example, server misconfiguration or insecure hosting environment) are not considered vulnerabilities in Vernissage itself and should be reported directly to the administrator or owner of that particular installation, rather than to us.

Below is the list of Vernissage Server (API) versions that receive security patches.