http4k is released on a regular basis, generally as soon as fixes are available. We recommend keeping http4k up to date so that API changes do not need to be mixed in with security patches.

| Version | Supported |
|---|---|
| 4.x | ✅ |
| 3.x and below | ❌ |

If you find a vulnerability in http4k code, please reach out to security@http4k.org. Typically you can expect a response the same working day.

We monitor vulnerabilities in third-party dependencies separately and update as soon as the maintainers release a fix. Our normal policy is to fix-forward.