We aim to keep TimescaleDB safe for everyone. Publicly disclosing security bugs in a public forum can put everyone in the Timescale community at risk, however. Therefore, we ask that people follow the below instructions to report security vulnerability. The entire Timescale community thanks you!
The supported version is always the latest major release available in our repository. We also release regular minor versions with fixes and corrections alongside some new features as well as patchfix releases, that you should keep upgrading to. Vulnerability fixes are made available as part of these patchfix releases and you can read our list of Security Advisories.
You can also take a look at our Support Policy.
If you find a vulnerability in our software, please email the Timescale Security Team at security@timescale.com.
Please note that the e-mail address should only be used for reporting undisclosed security vulnerabilities in Timescale products and services. Regular bug reports should be submitted as GitHub issues, while other questions around security, compliance, or functionality can be made either through our support (for customers) or community channels (e.g., Timescale Slack, Forums, etc.)