BookStack Code Mirror - bookstack/blob - .github/SECURITY.md

   1 # Security Policy
   2
   3 ## Supported Versions
   4
   5 Only the [latest version](https://github.com/BookStackApp/BookStack/releases) of BookStack is supported.
   6 We generally don't support older versions of BookStack due to maintenance effort and
   7 since we aim to provide a fairly stable upgrade path for new versions.
   8
   9 ## Security Notifications
  10
  11 If you'd like to be notified of new potential security concerns you can [sign-up to the BookStack security mailing list](https://updates.bookstackapp.com/signup/bookstack-security-updates).
  12
  13 ## Reporting a Vulnerability
  14
  15 If you've found an issue that likely has no impact to existing users (For example, in a development-only branch)
  16 feel free to raise it via a standard GitHub bug report issue.
  17
  18 If the issue could have a security impact to BookStack instances,
  19 please directly contact the lead maintainer [@ssddanbrown](https://github.com/ssddanbrown).
  20 You will need to login to be able to see the email address on the [GitHub profile page](https://github.com/ssddanbrown).
  21 Alternatively you can send a DM via Twitter to [@ssddanbrown](https://twitter.com/ssddanbrown).
  22
  23 Please be patient while the vulnerability is being reviewed. Deploying the fix to address the vulnerability
  24 can often take a little time due to the amount of preparation required, to ensure the vulnerability has
  25 been covered, and to create the content required to adequately notify the user-base.
  26
  27 Thank you for keeping BookStack instances safe!