We fix security issues as soon as they are found, and release firmware updates.
Each such release is accompanied by release notes, see https://github.com/solokeys/solo/releases.
The latest version can be determined using the file https://github.com/solokeys/solo/blob/master/STABLE_VERSION.
To update your key:
- either visit https://update.solokeys.com, or
- use our commandline tool https://github.com/solokeys/solo-python:
solo key update [--secure|--hacker]
To report vulnerabilities you have found:
- preferably contact @conor1, @0x0ece or @nickray via Keybase, or
- send us e-mail using OpenPGP to security@solokeys.com.
https://keys.openpgp.org/vks/v1/by-fingerprint/85AFA2769F4381E5712C36A04DDFC46FEF1F7F3F
We do not currently run a paid bug bounty program, but are happy to provide you with a bunch of Solo keys in recognition of your findings.
Join our release notification mailing list to be informed about each release: