Lura only fixes the latest version of the software, and does not patch prior versions.
Please email security@krakend.io with your discovery. As soon as we read and understand your finding we will provide an answer with next steps and possible timelines.
We want to thank you in advance for the time you have spent to follow this issue, as it helps all open source users. We develop our software in the open with the help of a global community of developers and contributors with whom we share a common understanding and trust in the free exchange of knowledge.
The Lura Project DOES NOT provide cash awards for discovered vulnerabilities at this time.
Thank you