middag-io/ui is on the 1.x line. Only the newest release receives
security fixes — there are no long-term support branches, and upgrading to the
latest 1.x release is the supported remediation path.
| Version | Supported |
|---|---|
Latest 1.x release |
✅ |
| Older releases | ❌ |
During 1.x the public API is still consolidating — a minor release may carry
a documented breaking change. We recommend tracking the latest release so you
receive security and bug fixes promptly.
If you discover a security vulnerability, please report it privately by email to michael@middag.io.
Do not open public GitHub issues, pull requests, or discussions for security problems. Public disclosure before a fix is available puts all users at risk.
Please include as much detail as you can:
- A description of the vulnerability and its potential impact.
- Steps to reproduce, or a proof of concept.
- Affected version(s) and any relevant environment details.
- Acknowledgement: We aim to acknowledge your report within a few business days.
- Coordinated disclosure: We follow responsible (coordinated) disclosure. We will work with you to understand and address the issue before any public disclosure, and we ask that you keep the report confidential until a fix has been released.
- Credit: If you would like recognition for your report, we are happy to credit you once the issue is resolved. Let us know your preference.
Thank you for helping keep middag-io/ui and its users safe.