Currently, only the latest master commit pin is supported. This will be extended back to releases as soon as we fix the Substrate release pipeline.
For medium or high severity security vulnerabilities, please report them by email to [email protected]. If you think your report might be eligible for the Parity Bug Bounty Program, your email should be sent to [email protected]. Please make sure to follow guidelines when reporting.
For low severity security vulnerabilities, you can either follow the above reporting pipeline or open an issue in the Frontier repo directly. If you are unsure about the severity of the vulnerability you're reporting, please reach out to Wei.
Due to the nature of open source, security vulnerability fixes are public. An announcement room at #frontier-security:matrix.org is available. The room is invite only and is only for ecosystem users who require immediate and urgent actions when an advisory is available. Please contact Wei for invites.