Security Policy

Supported Versions

Active Login is an open source project under the MIT-license and the software is provided "as is", without warranty of any kind.

The work we do regarding feature updates, security patches and maintenence is focused on the latest stable of the BankID-libraries available on NuGet.

If you need an SLA, support for older versions or patches to be applied to older versions we can help you on a case to case basis, see contact details under Commercial support.

Reporting a Vulnerability

Please report (suspected) security vulnerabilities to security@activesolution.se. You will receive a response from us as fast as possible and we will work with you to confirm the severeness of the vulnerability and get back with a plan on when a patch can be released.

Note: Do not publish (suspected) security vulnerabilities publically.

Subscribing to Security Alerts

Any known vulnerability will be published as a Github Security Advisory under Security Advisories.

By watching the repo you can make sure to be notified if anything is published there.