Sandstorm operates on an evergreen release model. Only the latest release is considered supported.

Please report security vulnerabilities to security@sandstorm.io for responsible disclosure. We ask that you withhold public disclosure for at least 90 days after reporting the vulnerability or 48 hours after the release of fixed code which corrects the issue, whichever is shorter.