The city-jekyll theme uses the following versions of ruby gems to generate the website. The current versions are the only ones that are supported with security updates.
| Ruby Gem | Version | Supported |
|---|---|---|
| Jekyll | 4.2 | ✅ |
| Jekyll-autoprefixer | 1.0.2 | ✅ |
| Jekyll-get-json | 1.0 | ✅ |
If there are any vulnerabilities in the city-jekyll theme, don't hesitate to report them.
-
Please open an issue on GitHub. If you do not have a GitHub account please use any of the email addresses on the webpages to inform the webmaster.
-
In the issue or email you should:
- Describe the vulnerability
- The steps you took to create the issue
- The affected versions
- Open a pull request if you have a fix explaining how the necessary code amendments fix the vulnerability (or enclose this in the email)
Expect a reply within 3 weeks. We may request a pull request which include the fixes.
You should not disclose the vulnerability publicly if you haven't received an answer after 3 weeks. If the vulnerability is rejected, you may post it publicly within 48 hours of rejection, unless the rejection is withdrawn within that time period. After the vulnerability has been fixed, you may disclose the vulnerability details publicly after 7 days.