This table shows which versions of xrpl.js are currently supported with security updates:

The responsible disclosure of vulnerabilities helps to protect users of the project. Vulnerabilities are first triaged in a private manner, and only publicly disclosed after a reasonable time period that allows patching the vulnerability and provides an upgrade path for users.

When contacting us directly via email, we will do our best to respond in a reasonable time to resolve the issue. Do not disclose the vulnerability until it has been patched and users have been given time to upgrade.

We kindly ask you to refrain from malicious acts that put our users, the project, or any of the project’s team members at risk.

Security is a top priority. But no matter how much effort we put into security, there can still be vulnerabilities present.

If you discover a security vulnerability, please use the following means of communications to report it to us:

• Report the security issue to bugs@ripple.com
• Ripple Bug Bounty

Your efforts to responsibly disclose your findings are sincerely appreciated and will be taken into account to acknowledge your contributions.