This is an overview of the security support status of aioxmpp releases. For the supported versions, we provide backports of security relevant patches ASAP after we become aware of them.

Note: Distributors of aioxmpp may also support older versions.

To report a vulnerability, you can send a GPG encrypted message to the main maintainer of aioxmpp, Jonas Schäfer. The GPG key ID is 0xE5EDE5AC679E300F (full fingerprint: AA5A 78FF 508D 8CF4 F355 F682 E5ED E5AC 679E 300F).

If you prefer to report vulnerabilities publicly right away, you can do so like you would report normal issues; that is, here on GitHub, in our chat room or on the mailing list (see the README for details).

When you report a security vulnerability, we will handle it with the highest priority and work, possibly with you, to create a fix. Please provide as much information as possible in the initial report so that we can get to the core of the issue right away.

We will keep you posted on progress of fixing the issue via a communication channel we negotiate when you first report it.