Please visit https://stacks.org/security for the most up-to-date information on our security policy.

Please see Releases.

Generally, we only support the functionality of the most recent release. This is because releases sometimes contain features activated by a "hard-fork" epoch block which significantly change network and node functionality (see: SIPs).

Please do NOT file a public issue or PR mentioning the vulnerability.

The Stacks Foundation has partnered with ImmuneFi to reward honest researchers who find and responsibly disclose security vulnerabilities in our critical code. Bounties are payable in the Stacks token (STX) for accepted, high-quality submissions.

Learn more here: https://bounty.stacks.org