Skip to content

Security: savonrb/httpi

SECURITY.md

Security Policy

Supported versions

Security fixes are released for the latest 4.x release.

Version Supported
4.0.x
< 4.0

If you are on an older release, upgrade to the latest 4.x before reporting.

Reporting a vulnerability

Please do not report security issues through public GitHub issues.

Instead, report a vulnerability privately through GitHub. You will get an acknowledgement within 7 days. Please keep the report confidential until a fix is released.

Scope

This policy covers the httpi gem, which is the default HTTP transport for the savon SOAP client. For issues in another gem in the family (akami, gyoku, nori, wasabi, savon), report to the affected repository in the savonrb organization. If you are not sure which gem is affected, report it here.

There aren't any published security advisories