We always recommend using the latest version of Tramline to ensure you get all security updates.

Currently, security updates are not backported to previous versions.

If you've found a security vulnerability in the Tramline codebase, you can disclose it responsibly by sending a summary to security@tramline.app. We will review the potential threat and get back to you within two (2) business days. We will then work on fixing it as fast as we can, followed by a public disclosure with attribution to you.

While researching, we’d like you to refrain from:

• Denial-of-Service (DoS)
• Spamming
• Social engineering or phishing of Tramline employees or contractors

While we do not have a bounty program in place yet, we are incredibly thankful for people who take the time to share their findings with us. Whether it's a tiny bug that you've found or a security vulnerability, all reports help us to continuously improve Tramline for everyone. Thank you for your support!