We currently support and provide security updates for the following versions:
| Version | Supported |
|---|---|
| v0.1.x | ✅ |
We take the security of Capacitor seriously. If you believe you have found a security vulnerability, please do not open a public issue. Instead, please report it via the following process:
- Email us: Send a detailed report to security@cuprite.io.
- Details: Include a description of the vulnerability, a proof of concept, and the potential impact.
- Response: You will receive an acknowledgment within 48 hours.
- Disclosure: We follow coordinated disclosure. We will work with you to fix the issue before making it public.
Capacitor provides several built-in security features:
- mTLS: Encrypted and authenticated replication streams.
- Gossip Security: Shared-secret authentication for node discovery.
- Clock Smash Protection: Prevents malicious or broken clocks from disrupting cluster causality.