Moonraker provides security updates through new releases. All versions are supported, however users will need to update to the latest release to get the latest fixes.

Users can report security vulnerabilites through GitHub's private vulnerablility reporting. Once a report is received users should expect a typical response time of one to two days, one week at most. If the report is accepted as a legitimate vulnerability a security advisory will be drafted and a work will begin on a fix. The finder will get credit for the report and may be asked to collaborate on a private fork, depending on the depth of the vulnerability and complexity of the fix. Once the fix is complete and tested it will be pushed to the master branch of the repo, a new release will be created, and the security advisory will be published. Ideally this will occur within 1-2 weeks of the report.

If the report is declined no further action will be taken.