Security fixes are released for the latest 4.x release.
| Version | Supported |
|---|---|
| 4.0.x | ✅ |
| < 4.0 | ❌ |
If you are on an older release, upgrade to the latest 4.x before reporting.
Please do not report security issues through public GitHub issues.
Instead, report a vulnerability privately through GitHub. You will get an acknowledgement within 7 days. Please keep the report confidential until a fix is released.
This policy covers the httpi gem, which is the default HTTP transport for the savon SOAP client. For issues in another gem in the family (akami, gyoku, nori, wasabi, savon), report to the affected repository in the savonrb organization. If you are not sure which gem is affected, report it here.