We release patches for security vulnerabilities for the following versions:

If you discover a security vulnerability, please report it by emailing the repository owner or creating a private security advisory on GitHub.

Please do not report security vulnerabilities through public GitHub issues.

We will acknowledge your report within 48 hours and will send a more detailed response indicating the next steps in handling your report. After the initial reply to your report, we will keep you informed of the progress towards a fix and full announcement.

1. The security team will investigate and confirm the vulnerability
2. A fix will be developed and tested
3. A new version will be released with the security fix
4. A security advisory will be published
5. Users will be notified to upgrade

• Always use the latest version of vga-events
• Keep your Go runtime up to date
• Review the release notes for each version
• Use Homebrew to keep the tool updated: brew upgrade vga-events