The Drand team actively supports the most recent minor version of drand.
Upcoming major or minor releases will go through a release-candidate cycle before they are released to the ecosystem.
If you believe to have found a security issue that can cause biasability, denial of service, or compromise of the active network, please send us a private email to security@drand.love. Please DO NOT file a public issue. We'll make sure to get back to you ASAP, work towards verifying the issue, mitigating it and providing an update for our users.
To help us serving the drand ecosystem, we appreciate that your reports are as precise as possible, ideally containing a way to reproduce the vulnerability.
If the issue is a protocol weakness that cannot be immediately exploited or something not yet deployed, feel welcome to discuss it openly in a Github issue.
For all other kinds of bugs, please file an issue in this repo.