Security Policy

Supported Versions

LoopBack implements the Module LTS policy.

Version	Supported
LoopBack 4	✅
LoopBack 3	❌
LoopBack 2	❌

Supported connectors

• Memory connector

Database connectors

• Cassandra connector
• CouchDB connector
• Cloudant connector
• DashDB connector
• IBM Db2 connector
• IBM Db2 for iSeries connector(deprecated)
• IBM Db2 for i connector
• IBM Db2 for z/OS connector
• Informix connector
• MongoDB connector
• MySQL connector
• Oracle connector
• PostgreSQL connector
• Redis connector
• Redis key-value connector
• SQL Server connector
• SQLite3 connector
• z/OS Connect Enterprise Edition connector

Other connectors

• Email connector
• JSON RPC connector
• MQ Light connector
• Push connector
• Remote connector
• REST connector
• SOAP connector
• Storage connector
• Swagger connector

Within LoopBack 4, fixes are not backported across semver major versions of a package.

Security advisories

Security advisories can be found on the LoopBack website.

Reporting a vulnerability

If you think you have discovered a new security issue with any LoopBack package, please do not report it on GitHub. Instead, send an email to security@loopback.io with the following details:

• Full description of the vulnerability.
• Steps to reproduce the issue.
• Possible solutions.

If you are sending us any logs as part of the report, then make sure to redact any sensitive data from them.