We support fixing security issues on the following releases:
| Version | Supported | Security fixes until |
|---|---|---|
| 14.2.1 | ✅ | 12 Months after the release (24 May 2025) |
| 14.1.1 | ✅ | 12 Months after the release (08 May 2025) |
| 14.0.1 | ✅ | 12 Months after the release (11 Mar 2025) |
| 13.0.1 | ✅ | 12 Months after the release (11 Mar 2025) |
| 12.0.0 | ✅ | 12 Months after the release (06 Nov 2024) |
| 11.3.5 | ✅ | 12 Months after the release (11 Mar 2025) |
| 11.2.6 | ✅ | 12 Months after the release (23 Nov 2024) |
| 11.1.1 | ❌ | No longer supported |
| 9.3.1 | ❌ | No longer supported |
| 9.2.1 | ❌ | No longer supported |
| 8.5.2 | ❌ | No longer supported |
If you’ve found a security issue in CakeDC Users plugin, please use the following procedure instead of the normal bug reporting system. Instead of using the bug tracker please send an email to security [at] cakedc.com.
For each report, we try to first confirm the vulnerability. Once confirmed, the CakeDC team will take the following actions:
- Acknowledge to the reporter that we’ve received the issue, and are working on a fix. We ask that the reporter keep the issue confidential until we announce it.
- Get a fix/patch prepared.
- Prepare a post describing the vulnerability, and the possible exploits.
- Release new versions of all affected versions.
- Prominently feature the problem in the release announcement