Security vulnerabilities will be 'fixed forward', i.e. the vulnerability will be patched in a new release. If you require a specific version to be patched, please get in touch by creating a Creek-wide support discussion

If you discover a vulnerability, please report it by privately reporting a security vulnerability in either the GitHub repository containing the issue, or in the Organisational .github repository.

Creek is an open-source project maintained by volunteers. As such, we offer no hard and fast guarantees on response times. However, we aim to respond to all questions and issues within 7 days, and would obviously treat security issues with a higher priority.