55 Degrees will publish a security advisory for all vulnerabilities found and fixed. These will be linked from this page.
55 Degrees will also take the following steps based on the severity of the vulnerability:
When a critical severity security vulnerability is found, we will send a copy of all critical security advisories to the technical contact(s) listed for current evaluators and customers of the impacted app version(s) and to those subscribed to the 'Alerts, Advisories, & Policy Updates' mailing list. Subscribe at https://55degrees.se/subscribe .
When a non-critical severity security vulnerability is found, we will mention the fix in our release notes just as we do for other bugs.