Security fixes are provided for the latest released version of lua-resty-openidc.
Older versions may receive security fixes at the maintainers' discretion.
Please do not report security vulnerabilities through public GitHub issues.
If you believe you have found a security vulnerability, please report it privately using GitHub's private vulnerability reporting, if available, or contact the maintainers directly.
When reporting a vulnerability, please include:
- A description of the issue
- Steps to reproduce the behavior
- Affected lua-resty-openidc versions
- Relevant OpenResty, NGINX, and dependency versions
- Any known mitigations or workarounds
The maintainers will review the report and coordinate disclosure once the issue has been assessed and, where appropriate, a fix is available.
Security vulnerabilities may include issues affecting authentication, authorization, token validation, session handling, redirect handling, cryptographic validation, or disclosure of sensitive information.
General bugs, configuration questions, and feature requests should be reported through regular GitHub issues.