Currently, only the latest major version of WorkflowForge is supported with security updates.
| Version | Supported |
|---|---|
| v2.x | ✅ |
| v1.x | ❌ |
If you discover a security vulnerability within WorkflowForge, please do not disclose it publicly. Instead, please send an email to the project maintainers or open a draft security advisory via GitHub Security Advisories for this repository.
We consider the following to be high-priority vulnerabilities:
- Exposure of sensitive workflow data
- Arbitrary code execution through workflow definition injection
- Denial of Service (DoS) attacks on the core Foundry engine
You can expect an initial response within 48 hours. If the vulnerability is accepted, we will coordinate with you on publishing a fix.