This document explains the security policy of webpack-cli and how we intend to support webpack and webpack-cli.
webpack CLI is currently supporting webpack v4 and webpack v5. Security fixes are released in patches.
| webpack version | webpack-cli version | Supported |
|---|---|---|
| >= 4.20.x | ^4.2.0 | ✅ |
| <= 4.19.x | ^4.2.0 | ✅ |
| 5.x.0 | ^4.2.0 | ✅ |
| 5.0.x | ^4.2.0 | ✅ |
| < 4.x.x | (CLI included in webpack < 4) | ❌ |
Note: Using webpack < 4 with webpack CLI is not required as CLI was included in webpack.
To report a vulnerability, please contact one of webpack maintainers through the email provided from either npm, GitHub or reach out at other social media platforms. For third party security vulnerabilities, submitting an issue or Pull Request to fix the security vulnerability is much appreciated. We also use dependabot from GitHub to avoid vulnerabilities.