| Version | Supported |
|---|---|
| 3.7.x | ✅ |
| <= 3.6 | ❌ |
Our core team will try their best to fix any valid vulnerability that is reported to them.
You can privately report a vulnerability to the OpenRefine team by creating a security advisory on GitHub. This report will be kept private while it is being assessed by the team.
Keep in mind that OpenRefine is designed to run locally on a user's PC, while also making network calls across the internet only upon a user's choice or command. As such, certain vulnerabilities might not apply to OpenRefine's design. In doubt, please submit a report anyway.