We do not encorage user to run instances of BUG exposed to the internet. BUG is a tool intended to be used within a private/local network.
- Security SLA: BUG does not provide a formal SLA for security issues under the Apache 2.0 License.
- Release Schedule: Releases prioritise new functionality and include fixes for known security vulnerabilities at the time of release. While major releases typically occur one to two times per year, BUG does not guarantee a fixed release schedule.
- Version Support: Security patches are only ever provided for the latest release version.
We encorage the reporting of security vulnerabilities, please raise an issue on this repo.
Alternatively, you can find more information at - https://www.bbc.com/backstage/security-disclosure-policy