The OSRD team and community take security bugs in OSRD seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
The only supported version is the latest release.
To report a security issue, please use the GitHub Security Advisory "Report a Vulnerability" tab.
Important
Security issues must not be reported in Github's public issues.
The OSRD team will send a response indicating the next steps in handling your report. After the initial reply to your report, the team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.