We aim to support the latest stable release of Mocapi and provide critical security patches as needed. Please ensure you are using the most recent version before reporting issues.
| Version | Supported |
|---|---|
| Latest | ✅ Yes |
| Older | ❌ No |
If you believe you've found a security vulnerability in Mocapi, we strongly encourage you to contact us privately to allow time for remediation.
Please email us at [email protected] with the following details:
- A detailed description of the issue
- Steps to reproduce (if applicable)
- Any known workarounds
- Impact assessment (what's affected and how)
- Whether the vulnerability is publicly known
We aim to respond to all reports within 3 business days, and to coordinate a fix within 7–14 business days, depending on severity and complexity.
Please do not report vulnerabilities through public GitHub issues, pull requests, or discussions.
- We will publicly acknowledge and thank reporters (if desired).
- We will handle reports confidentially and professionally.
- We will publish advisories for confirmed vulnerabilities with CVSS scoring when applicable.
- We may issue patched versions for supported releases or advise on mitigation.
We believe in responsible security research and disclosure. We do not currently run a bug bounty program, but we value all responsible disclosures and may credit you in security advisories if requested.
Thank you for helping keep Mocapi and the community safe!