We welcome vulnerability reports on all releases. However, we only support the latest release with security patches.

Please report all security vulnerabilities to Security@BrokenBlueJeans.com and CC Chuck.Terry@Outlook.com. We strive to acknowledge all reports within 24 hours of initial contact. If you'd like to be included in the resolution process, please let us know and we're happy to include you to the extent possible.

We will additionally send you an email letting you know when the issue has been resolved (Let us know in the initial report if you'd like to opt-out). Please refrain from public disclosure until we have the opportunity to address the issue and deploy a patch.