Security is very important to us at Metabase.
We typically only support the latest release of Metabase for maintenance updates, but depending on the nature of the security issue we may issue hotfixes for arbitrarily earlier versions of Metabase.
If you discover any issue regarding security, please disclose the information responsibly by sending an email to [email protected] and not by creating a GitHub issue. We'll get back to you ASAP and work with you to confirm and plan a fix for the issue.
Please note that we do not currently offer a bug bounty program.