Security Policy
Supported Versions
Only the latest version of BookStack is supported. We generally don't support older versions of BookStack due to maintenance effort and since we aim to provide a fairly stable upgrade path for new versions.
Security Notifications
If you'd like to be notified of new potential security concerns, you can sign up to the BookStack security mailing list.
Reporting a Vulnerability
If you've found an issue that likely has no impact on existing users (for example, in a development-only branch), feel free to raise it via a standard GitHub bug report issue.
If the issue could have a security impact on BookStack instances, please use one of the methods below to report the vulnerability:
- Directly contact the lead maintainer @ssddanbrown.
  - You will need to log in to be able to see the email address on the GitHub profile page.
  - Alternatively, you can send a DM via Twitter to @ssddanbrown.
- Disclose via huntr.dev.
  - Bounties may be available to you through this platform.
  - Be sure to use https://github.com/BookStackApp/BookStack as the repository URL.
Please be patient while the vulnerability is being reviewed. Deploying the fix to address the vulnerability can often take a little time due to the amount of preparation required, to ensure the vulnerability has been covered, and to create the content required to adequately notify the user base.
Thank you for keeping BookStack instances safe!