Foam is supported on a reasonable endeavours basis. Patches will be applied to the latest version rather than retroactively to older versions. To ensure you are using the most secure version of Foam, please make sure you have the latest release.

In most scenarios, the most appropriate way to report a vulnerability is to raise a new issue describing the problem in as much detail as possible, ideally with examples. This will obviously be public. If you feel that the vulnerability is significant enough to warrant a private disclosure, please email security@foamnotes.com