Only the last stable version at any given point.

We aim to acknowledge vulnerability reports within 3 business days. Resolution or assessment is typically provided within 30 days.

We address vulnerabilities that could compromise the confidentiality, integrity, or availability of GoReleaser or its users.

We are happy to publicly acknowledge reporters in release notes, unless anonymity is requested.

Vulnerabilities can be disclosed in private using GitHub advisories.

For issues common with GoReleaser OSS, please refer to this instead.

Thanks!