Skip to content

Security: eXist-db/exist

Security

SECURITY.md

Security Policy

Supported Versions

eXist-db provides security patches for the following versions:

Version Supported
< 4.7.0
< 4.0

Reporting a Vulnerability

If you find a security vulnerability, do NOT open an issue.

Any security issues should be submitted directly to [email protected]. In order to determine whether you are dealing with a security issue, ask yourself these two questions:

  • Can I access something that's not mine, or something I shouldn't have access to?
  • Can I disable something for other people?

If the answer to either of those two questions are "yes", then you're probably dealing with a security issue. Note that even if you answer "no" to both questions, you may still be dealing with a security issue, so if you're unsure, just email us at [email protected].

You can generally expect a response from the core developers within 48h.

There aren’t any published security advisories