Deserve runs at the edge of your application, so security matters here. This page explains which versions get fixes and how to report a problem without putting users at risk.
Deserve is pre-1.0, so fixes land on the latest release. Stay current to receive security updates.
| Version | Supported |
|---|---|
| 0.12.x | Yes |
| < 0.12 | No |
Please do not open a public issue for a security problem. A public report tells everyone about the hole before there is a patch to close it.
Instead, report it privately through GitHub Security Advisories:
- Go to Security Advisories and open a new draft.
A useful report usually includes:
- The version of Deserve and Deno in use
- A short description of the impact, such as what an attacker could read, change, or break
- Steps or a small snippet that reproduces the issue
- Any idea you have for a fix, if you have one
Once a report arrives:
- It will be acknowledged so you know it was received.
- The issue will be confirmed and its impact assessed.
- A fix will be prepared and released, with credit to you unless you prefer to stay anonymous.
- Once users have had a chance to update, the details may be published as an advisory.
Thank you for helping keep Deserve and the people who depend on it safe.