The following versions are currently being supported with security updates.
| Version | Supported |
|---|---|
| 5.x | ✔️ |
| 4.x | ✔️ |
| 3.x | ❌ |
| 2.x | ❌ |
| 1.x | ❌ |
| < 1.0 | ❌ |
If you believe you have found a security issue with any of Gatsby's open source or commercial offerings, we would love to receive your report! Security findings can be emailed to security@gatsbyjs.com.
When reporting a security issue, describe the issue in detail and include steps to reproduce. The more detail provided, the more likely we will be able to reproduce the issue and determine a course of action.
Please do not report findings from npm audit. We are aware of package dependency issues that are reported by this tool and do review these reports. In many cases the issues reported by npm audit are misleading and do not present a tangible/exploitable security risk for Gatsby users.