Due to the recent security-related events in our industry, we have received multiple requests / questions on the security of the Unimus code-base, build pipeline and official releases.
We have published a security-related blog that outlines the steps we took in the last months to validate the integrity of the Unimus releases, as well as our plans in regards to security into the future.
To sumarize:
- we audited the Unimus codebase and build process and found no security issues
- we audited all our public servers and services and found no security issues
- we plan to introduce more code-signing and integrity checks into the Unimus build process
- we are updating all dependencies / libraries to the latest versions across all our software / services
- we plan to start a Bug Bounty / Security Bounty program
The full blog article (with many more details) can be found here.
If you have any questions or suggestions in regards to this article, please feel free to post in this forum thread.