We take the security of cryptoauthlib very seriously. Please submit security vulnerabilities to the Microchip Product Security Incident Response Team (PSIRT) which is responsible for receiving and responding to reports of potential security vulnerabilities in our products, as well as in any related hardware, software, firmware, and tools. Please see below for instructions on how to submit your report.
The previous API version is maintained for a year after a new version is released.
| Version | Supported | Notes |
|---|---|---|
| 3.7.x | ✔️ | |
| 3.6.x | ✔️ | Support Ends September 8 2024 |
| 3.5.x | ✔️ | Support Ends April 4 2024 |
| 3.4.x | ✔️ | Support Ends March 14 2024 |
| 3.3.x | ❌ | |
| 3.2.x | ❌ | |
| < 3.2 | ❌ |
How to Report Potential Product Security Vulnerabilities
Once a report is received, the PSIRT will take the necessary steps to review the issue and determine what actions might be required to address any potential impacts to our products. Microchip PSIRT follows a coordinated vulnerability responsible disclosure policy that is available for review.
Please use the above instructions to securely submit your findings - We ask that you refrain from reporting vulnerabilties through the public github issues system.