We maintain a dual-track versioning strategy with different support levels for each track. Security patches are released based on the CVSS v3.0 Rating and version track:
- v2.x (AWS SDK v4): Active development on master branch
- v1.x (AWS SDK v3): Long-term support (LTS) on sdkv3-lts branch, maintained until July 2026
| CVSS v3.0 | v2.x (Current) | v1.x (LTS) |
|---|---|---|
| 9.0-10.0 | ✅ All releases within previous 3 months | ✅ Latest LTS release |
| 4.0-8.9 | ✅ Most recent release | ✅ Latest LTS release |
| < 4.0 | ❌ No patches (upgrade recommended) |
The LocalStack .NET Client team takes security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
Security Infrastructure: This repository has GitHub Advanced Security enabled with automated vulnerability detection, dependency scanning, code scanning, and secret detection to help maintain security standards.
To report a security vulnerability, please use one of the following methods:
- Go to the Security tab of this repository
- Click "Report a vulnerability"
- Fill out the security advisory form with details about the vulnerability
Send an email to localstack.dotnet@gmail.com with:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Any suggested fixes (if available)
For non-security related bugs, please use our GitHub Issues tracker.
We will respond to security vulnerability reports within 48 hours and will keep you informed throughout the process of fixing the vulnerability.
Security updates will be released as soon as possible after a vulnerability is confirmed and a fix is available. We will:
- Confirm the problem and determine the affected versions
- Audit code to find any potential similar problems
- Prepare fixes for all supported versions
- Release new versions as quickly as possible
If you have suggestions on how this process could be improved, please submit a pull request or open an issue to discuss.