KodLyft FSM is in active early development. Security fixes are applied to the latest released minor
version and the develop branch.
| Version | Supported |
|---|---|
| latest | ✅ |
| older | ❌ |
Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
Instead, report them privately via one of:
- GitHub's private vulnerability reporting, or
- email hello@kodlyft.com with the subject
SECURITY: <short summary>.
Please include:
- a description of the issue and its impact,
- steps to reproduce or a proof of concept,
- affected surface(s) and version(s),
- any suggested remediation.
- We aim to acknowledge reports within 3 business days.
- We'll keep you informed as we investigate and work on a fix.
- We'll credit you in the release notes once a fix ships, unless you prefer to remain anonymous.
Because KodLyft builds on Frappe and ERPNext, vulnerabilities in those frameworks should also be reported to their respective security teams.