BookStack/.github/SECURITY.md
2023-10-19 16:53:02 +01:00

1.4 KiB

Security Policy

Supported Versions

Only the latest version of BookStack is supported. We generally don't support older versions of BookStack due to maintenance effort and since we aim to provide a fairly stable upgrade path for new versions.

Security Notifications

If you'd like to be notified of new potential security concerns you can sign-up to the BookStack security mailing list.

Reporting a Vulnerability

If you've found an issue that likely has no impact to existing users (For example, in a development-only branch) feel free to raise it via a standard GitHub bug report issue.

If the issue could have a security impact to BookStack instances, please directly contact the lead maintainer @ssddanbrown. You will need to log in to be able to see the email address on the GitHub profile page. Alternatively you can send a DM via Mastodon to @danb@fosstodon.org.

Please be patient while the vulnerability is being reviewed. Deploying the fix to address the vulnerability can often take a little time due to the amount of preparation required, to ensure the vulnerability has been covered, and to create the content required to adequately notify the user-base.

Thank you for keeping BookStack instances safe!