In general, if an exploit is discovered within WebGUI or the WebGUI Runtime Environment, we either issue a new version, or a patch, or both the same day the exploit is reported. In some cases, it takes longer than that to locate the problem and generate a resolution for it, but in most cases the resolution comes within 24 hours of discovery.

 

When we put out a new patch release to fix an exploit, we publish an announcement of that exploit in the Advisories on getwebgui.com, which explains not only what the exploit was, but how to resolve it. If you are as concerned about security as we are, then we highly recommend that you subscribe to the Advisories list so that you are notified of both new releases and security problems.

 

We take the security and privacy of your data, and your users' data, very seriously. If you discover a security flaw that you are not comfortable posting to the bug list, please feel free to contact us directly.