The Spin team and community take security vulnerabilities very seriously. If you find a security related issue with Spin, we kindly ask you to report it through the GitHub project. All reports will be thoroughly investigated by the Spin maintainers.

We will disclose any security vulnerabilities in our Security Advisories.

All vulnerabilities and associated information will be treated with full confidentiality. We are thankful for your efforts in keeping Spin secure, and we will publicly acknowledge your contributions if you wish.

• We will support the current MAJOR version, and the latest MINOR version within that MAJOR version, until two months after the release of a new MAJOR version. Only PATCH releases of a MAJOR release, which is in the two month window, will be made available. For example, if v2.0 is released on 3/1/2023. v1.x will be supported until 5/1/2023, which is two months after v2.0 is released. Within the two month period (3/1/2023 - 5/1/2023), v1.x will only receive PATCH updates.
• We will support the current MINOR version, within the latest MAJOR version, until 1 month after the release of a new MINOR version. For example, if v1.1 is released on 4/15/2023. v1.0 will be supported until 5/15/2023. Within this period, PATCH releases will still be made for any critical fixes to v1.0.
• Only the latest PATCH version, for any MAJOR.MINOR version is supported. When a new PATCH version is released, any issue raised, will be fixed by a new PATCH release (roll-forward). For example, if v1.0.1 is released, and an issue is being raised based on v1.0.0, the immediate ask on the user is to upgrade to v1.0.1. If the issue is also in v1.0.1, a new PATCH version will be released as v1.0.2.