Security Policy

Supported Versions

While I do retain older versions in CPAN for purposes of not impacting users who depend on them, please reference the table below for supported versions. Any version falling behind the support window should be understood to be end-of-life and unsupported. This project does not backport security patches to older versions.

| Version | Supported | | ---------- | ------------------ | | >= 2.40011 | :white_check_mark: | | < 2.40011 | :x: |

[!IMPORTANT] Versions prior to 2.40011 may use OpenSSL 1.x versions which are end-of-life and known to have high-severity CVEs.

Reporting a Vulnerability

To report a vulnerability, please use the Security Tab on GitHub, and click the "Report a vulnerability" button.

Security vulnerabilities will be triaged as soon as possible
Once a vulnerability has been mitigated, the vulnerability will be disclosed in its entirety, beginning with the original report
If a report turns out to not be a problem, the report will still be made public
Obvious spam reports will also be made public, but will be made public with appropriate amounts of snark added for flavor

[!IMPORTANT] If you would like your identity to remain confidential, YOU MUST SAY SO IN YOUR REPORT CONSPICUOUSLY! I will keep confidence, but only if I understand that it is confidential.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)