This is the default security policy for all Cadence repositories.
For each repository, releases can be found in the <repo>/releases folder (for example, https://github.com/cadence-workflow/cadence/releases), with release dates provided. Any version released within the last two years is considered supported.
When a security vulnerability is discovered or reported for a specific version, that version will be marked as unsafe in the corresponding repository.
| Version | Supported |
|---|---|
| 5.1.x | ✅ |
| 5.0.x | ❌ |
| 4.0.x | ✅ |
| < 4.0 | ❌ |
If you are viewing this page as the security policy, it means that no version of this repository has been marked as unsafe yet.
Please use the <repo>/security/advisories page to report any vulnerabilities for each repository by clicking the large green button in the top right corner. This ensures that your report is received privately, allowing us to address the issue promptly before it becomes widely known.