Spyder normally supports the most recent micro (patch) version of the latest minor (feature) release of the latest major (breaking) version, with bug fixes, security updates and compatibility improvements. Additionally, the previous feature (major or minor) release will be supported for critical security and bug fixes only for two months following the release of a new feature version.

The following summarizes the support status of recent Spyder versions.

If you believe you've discovered a security vulnerability in Spyder, please use open a new security advisory with our GitHub repo's private vulnerability reporting. Please be sure to carefully document the vulnerability, including a summary, describing the impacts, identifying the line(s) of code affected, stating the conditions under which it is exploitable and including a minimal reproducible test case. Further information and advice or patches on how to mitigate it is always welcome. You can usually expect to hear back within 1 week, at which point we'll inform you of our evaluation of the vulnerability and what steps we plan to take, and will reach out if we need further clarification from you. We'll discuss and update the advisory thread, and are happy to update you on its status should you further inquire. While this is a volunteer project and we don't have financial compensation to offer, we can certainly publicly thank and credit you for your help if you would like. Thanks!