Skip to content

Security: polkadot-evm/frontier

Security

SECURITY.md

Security policy

Supported versions

Currently, only the latest master commit pin is supported. This will be extended back to releases as soon as we fix the Substrate release pipeline.

Reporting vulnerabilities

For medium or high severity security vulnerabilities, please report them by email to security@parity.io. If you think your report might be eligible for the Parity Bug Bounty Program, your email should be sent to bugbounty@parity.io. Please make sure to follow guidelines when reporting.

For low severity security vulnerabilities, you can either follow the above reporting pipeline or open an issue in the Frontier repo directly. If you are unsure about the severity of the vulnerability you're reporting, please reach out to Wei.

Advisory announcements

Due to the nature of open source, security vulnerability fixes are public. An announcement room at #frontier-security:matrix.org is available. The room is invite only and is only for ecosystem users who require immediate and urgent actions when an advisory is available. Please contact Wei for invites.

Learn more about advisories related to polkadot-evm/frontier in the GitHub Advisory Database