Version Cake is a simple open source Ruby gem, but believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue, we encourage you to notify us. We welcome working with you to resolve the issue promptly.
An issue will be publicly disclosed in the changelog __once a version is posted with the patch applied.
Unfortunately, we cannot offer any financial rewards right now, as this project is open-source without any revenue. We hope that public credit and the feeling of having done good may be gratifying.
Please note, while nice, reporting dependencies being out of date is not necessary and won't be rewarded with Resolved status. The dependencies are publicly reported and notifications are sent to the team when they need updating.
Thank you for helping keep Version Cake and our users safe!