eXist-db provides security patches for the following versions:
| Version | Supported |
|---|---|
| < 4.7.0 | ✅ |
| < 4.0 | ❌ |
If you find a security vulnerability, do NOT open an issue.
Any security issues should be submitted directly to security@exist-db.org. In order to determine whether you are dealing with a security issue, ask yourself these two questions:
- Can I access something that's not mine, or something I shouldn't have access to?
- Can I disable something for other people?
If the answer to either of those two questions are "yes", then you're probably dealing with a security issue. Note that even if you answer "no" to both questions, you may still be dealing with a security issue, so if you're unsure, just email us at security@exist-db.org.
You can generally expect a response from the core developers within 48h.