Only the current major rewrite version (2.0) and a limited number of feature releases will be supported.
| Version | Supported |
|---|---|
| 2.0.x | ✅ |
| < 2.0 | ❌ |
If the risk us backup integrity compromise, such as:
- Unauthorized read from a tapestry backup, or;
- Unauthorized signing/modification of a tapestry backup
Please contact securty@kenshosec.com rather than opening a ticket, due to the potentially sensitive nature of such information.
For all other security issues (privesc, etc), a typical issue ticket would suffice.
Tapestry is not covered by a formal bug bounty program, but we encourage research into its security implications and will not prosecute in the event vulnerabilities are found.