If a vulnerability is identified in third-party libraries used in the product, we schedule a release that includes the fix. Depending on the severity, this may be done as soon as possible or included in the next regular release. Information about updated libraries is documented in the release notes.
While it may be technically possible to update a single library without a full upgrade, this is not always straightforward. We usually run additional tests to ensure the overall functionality remains stable, which is why fixes are delivered via official releases.
Since you rely on Docker images that include the OS and additional components, some vulnerabilities may originate from that layer. These can be updated on your side as part of your dependency management process. On our end, we continuously scan our builds and Docker images using vulnerability scanning tools.
If your own scanning tools detect any vulnerable libraries, please report them to us at support@webspellchecker.net. We will review the findings with our team and advise on next steps, whether upgrading to an existing version resolves the issue or whether a dedicated fix release is required.
Last updated
Was this helpful?
Was this helpful?
