Currently we support security patches for the two most recent minor versions. For example, if Livebook v0.12.0 is released, we will backport security fixes for v0.12.x and v0.11.x. Once Livebook reaches v1.0, we plan to introduce more long-term security guarantees. If you have any questions, please reach our to them on Discussion page.

To report a security vulnerability, you can send an email to security@livebook.dev or privately disclose it on our GitHub page. If you don't receive an acknowledgement of the report within 24h, feel free to ping us in our public forums (but without disclosing the contents of the vulnerability).