OpenMage LTS is a fork of Magento CE 1.9 which provides a place for the Magento community to continue to contribute to the Magento 1 code base. We appreciate you disclosing important security vulnerabilities responsibly and privately by following the easy process defined below.
We will keep the details of your security vulnerability report private and only share it with verified members of our organization or our partner organizations and only on an as-needed basis.
| Version | Branch | Supported |
|---|---|---|
| 1.9.4.4 | 1.9.4.x | ✅ |
| < 1.9.4.4 | 1.9.3.x, etc. | ❌ |
To report a vulnerability, please DO NOT open a public Issue or Pull Request.
Please email your security vulnerability report to one of the project maintainers listed in the README.md file along with your Github user name so that once we create a security advisory you may be added to it as a collaborator for further collaboration.
We will review the advisory and work with you to find a suitable solution. We will disclose the vulnerability once a patch is prepared and ours community and partners have an easy path forward to apply the patch promptly. We will be sure to give you credit for the vulnerability discovery unless you request otherwise.