We always recommend using the latest version of Tramline to ensure you get all security updates.
Currently, security updates are not backported to previous versions.
If you've found a security vulnerability in the Tramline codebase, you can disclose it responsibly by sending a summary to [email protected]. We will review the potential threat and get back to you within two (2) business days. We will then work on fixing it as fast as we can, followed by a public disclosure with attribution to you.
While researching, we’d like you to refrain from:
- Denial-of-Service (DoS)
- Spamming
- Social engineering or phishing of Tramline employees or contractors
While we do not have a bounty program in place yet, we are incredibly thankful for people who take the time to share their findings with us. Whether it's a tiny bug that you've found or a security vulnerability, all reports help us to continuously improve Tramline for everyone. Thank you for your support!