If you discover a potential security vulnerability in our project, please inform us at bsc23season@atu.ie. We are committed to collaborating with you to investigate the issue, confirm the vulnerability, and implement a solution.

When alerting us, kindly include these details:

• Affected component(s)
• Steps to reproduce the issue
• An overview of the security vulnerability and its potential impact

We ask that you initially reach out through the provided email, allowing the project team to address and rectify the vulnerability before it becomes publicly known. This approach helps safeguard our users by enabling them to update or upgrade their applications as necessary.

Upon confirmation of a security vulnerability, our response protocol is as follows:

We will apply fixes to both the current and the directly preceding minor release branches.

Following the fixes, we will promptly release updated security versions for each branch that has been patched.

We will publish a security advisory on our project's website, which will detail the nature of the vulnerability and offer guidance for users to protect themselves. These advisories will be accessible at https://bsc23season.org/security/advisories and through a feed.