| Version | Stage | Environment | Supported Until |
|---|---|---|---|
| 0.x.x | Alpha | Development | not supported |
| 1.1.x | Alpha | Development | not supported |
| 1.2.x | Alpha | Development | not supported |
| 1.3.x | Alpha | Development | not supported |
| 1.4.x | Alpha | Development | not supported |
| 1.5.x | Alpha | Development | not supported |
| 1.6.x | Alpha | Development | not supported |
| 1.7.x | Alpha | Development | not supported |
| 1.8.x | Stable | Production | not supported |
| 1.9.x | Stable | Production | not supported |
| 1.10.x | Stable | Production | not supported |
| 1.11.x | Stable | Production | not supported |
| 1.12.x | Stable | Production | 30.08.2025 |
| 1.13.x | Stable | Production | 30.10.2025 |
| 2.0.x | RC | Beta | TBD |
| 2.1.x | Stable | Production | TBD |
| Stage | Environment | Notes |
|---|---|---|
| Alpha | Development | Experimental, incomplete, unstable. |
| Beta | Staging / Pre-production | Feature-complete but may have bugs. |
| RC | Staging / Public Testing | Final candidate for stable, should be almost bug-free. |
| Stable | Production | Official public release, fully supported. |
- Development – Used for features under active development. Not recommended for production.
- Staging – Mimics production, used for final checks before release.
- Pre-production – Stable-like environment for early adopters or selected customers.
- Public Testing – Available to the public for feedback (often open beta).
- Production – Deployed for all end users.
Supported Until dates will be updated as the development lifecycle progresses.
We handle vulnerabilities related to the following:
- Authentication and authorization issues
- Cross-site scripting (XSS)
- SQL injection
- Sensitive data exposure
- Other critical or high-severity issues
To report a vulnerability, please email milen.karaganski@proton.me. This email is exclusively for security-related reports. The first reply will be within 24 hours.
Expected time to fix any reported vulnerability:
- minor fixes: 24-72 hours.
- complex fixes: 1-4 weeks
For urgent vulnerabilities (e.g., critical data exposure or platform compromise), we will initiate an immediate investigation and update impacted users as soon as possible.
If you want to be notified when the reported vulnerability is resolved, please state this explicitly in the reporting email.
We request that vulnerabilities remain confidential for a reasonable time after a fix is applied, to allow our users to take appropriate steps, if necessary.
We define "reasonable time" based on severity:
- High/Critical: 1 month
- Medium: 2 months
- Low: 3 months
After a vulnerability is fixed, we will:
- Announce the fix on our website.
- Notify affected users directly if the vulnerability impacts their data or security. Notifications will be sent within 72 hours of confirming the impact.
- Provide instructions if any user action is required, such as password resets or API key regeneration.
In the event of a vulnerability that may affect user data, we prioritize the following actions:
- Isolate and secure affected systems to prevent further impact.
- Assess whether any data exposure or unauthorized access occurred.
- Notify affected users promptly if their data was impacted, per legal and regulatory requirements.
- Provide guidance on mitigation steps, if necessary.
We are committed to maintaining a secure SaaS platform. Our security measures include:
- Continuous monitoring for suspicious activity and vulnerabilities.
- Immediate deployment of security patches to all servers.
- Secure development practices, including code reviews and automated testing.
We recognize and appreciate the efforts of security researchers. If your report leads to a confirmed vulnerability fix, we may offer a public acknowledgment on our website or in our release notes (with your consent).