If you believe you have found a security vulnerability in Thread, we encourage you to let us know right away. We will investigate all reports and do our best to quickly fix the problem.
To report a vulnerability, please follow these steps:
- Email us: Send an email to [email protected] with the subject line "Security Vulnerability Report".
- Provide details: Include as much information as possible about the vulnerability. This should include:
- A detailed description of the vulnerability.
- Steps to reproduce the vulnerability.
- Potential impact and severity of the vulnerability.
- Any possible mitigations or workarounds.
- Please do not disclose publicly: Please do not disclose the vulnerability publicly until we have had a chance to address it. We will work with you to ensure we understand the issue and provide a fix.
Once a vulnerability is reported, we follow these steps:
- Acknowledgment: We will acknowledge receipt of your report.
- Investigation: Our team will investigate the report and determine the severity and impact of the vulnerability.
- Resolution: We will work to fix the vulnerability as quickly as possible. You will be notified when the issue is resolved, and we may ask you to verify the fix.
- Disclosure: After the vulnerability is fixed, we will publicly disclose the details of the vulnerability and the fix. We will give credit to the reporter unless they wish to remain anonymous.
We currently support and maintain the following versions of Thread:
Version | Supported |
---|---|
1.x | ✅ |
< 1.x | ❌ |
Actually, there is only one version of Thread currently and it is supported! This will be filled out as more versions are released.
Security updates will be released as necessary, and users will be notified via our release notes and security advisories.
To help keep your installation of Thread secure, we recommend the following best practices:
- Regular Updates: Keep Thread and all dependencies up to date.
- Access Controls: Limit access to your Thread instance to only those who need it.
Thank you for helping us keep Thread secure!