The table below indicates which versions of Deazl currently receive security updates.

Note: Only the latest major release of Deazl receives security fixes. Older versions are not maintained unless explicitly stated.

We take the security of Deazl very seriously and encourage responsible disclosure from the community.

If you find a vulnerability, please follow the steps below.

• Email us at clement.muth@deazl.fr

• Use the subject line: Security Report – <short description>

• Provide detailed information, including:

  • Steps to reproduce
  • Affected page(s) or API endpoint(s)
  • Expected vs actual behavior
  • Potential impact

• Do not open a public GitHub issue.
• Do not publicly disclose the vulnerability until a fix is released.
• We may request additional technical information to verify the issue.

You can expect:

• Acknowledgement within 72 hours
• Initial assessment within 7 days
• A fix or mitigation plan, depending on severity and complexity

If the vulnerability is accepted:

• The issue will be categorized by severity
• A fix will be developed and deployed
• You will be notified as soon as the patch is available
• You may be credited in the release notes unless anonymity is requested

• Security fixes may be backported to previous versions only when the vulnerability is critical and technically feasible.
• For urgent matters (e.g., active exploitation), please clearly indicate the severity in your email subject.