The following versions of BBMRI-ERIC Negotiator receive security updates:
| Version | Supported |
|---|---|
| 3.x.x | ✅ Yes |
| 2.x.x | ❌ No |
If you are using an unsupported version, please upgrade to receive security patches.
Security is a top priority for BBMRI-ERIC Negotiator. If you discover a vulnerability, please report it responsibly by following these guidelines:
- Do not disclose vulnerabilities publicly, including GitHub Issues or forums.
- Instead, report vulnerabilities via email: negotiator@helpdesk.bbmri-eric.eu.
- Provide a detailed description, including steps to reproduce, affected versions, and any potential impact.
- We will acknowledge receipt of your report within 48 hours and provide a resolution timeline.
To maintain a secure environment, we follow these principles:
- Secure coding practices and dependency scanning tools.
- Regular security audits and reviews.
- Avoidance of hardcoded secrets or sensitive data in repositories.
We appreciate responsible security research and will publicly acknowledge verified vulnerabilities and contributors in release notes where appropriate.
For more information:
Thank you for helping us keep BBMRI-ERIC Negotiator secure!