As careful and community-oriented maintainers, we strive to keep our code safe to use for everyone. For this purpose, we highly value your input and will acknowledge your contributions as best we can.
Unfortunately, the resources available for maintaining message_ix do not allow us to:
- Support multiple versions at once.
- Publish maintenance updates for older versions. For example, once
message_ixversion 3.10 is released, no further patch versions like 3.8.x, 3.9.x, etc. are possible.
We generally develop our main branch and so to get the version of our code that contains all currently available security updates, please install our code from source using the main branch.
Please reach out to us if you encounter any issues in doing so.
If this is not an option, please ensure you are using the latest release of our code to profit from as many security updates as possible.
message_ix is generally released twice a year, but may make additional releases on a shorter time line if necessary to mitigate critical vulnerabilities.
To report a security issue, please use the GitHub Security Adivsory "Report a vulnerability" tab. We will try to respond to your report as soon as possible with our and your next steps. If you wish, we will keep you informed about any progress until the vulnerability is fixed.