BookStack/.github/SECURITY.md
2021-10-26 16:09:41 +01:00

Security Policy

Supported Versions

Only the latest version of BookStack is supported.
We generally don't support older versions of BookStack because of the maintenance effort involved and
because we aim to provide a fairly stable upgrade path for new versions.

Security Notifications

If you'd like to be notified of new potential security concerns, you can sign up to the BookStack security mailing list.

Reporting a Vulnerability

If you've found an issue that likely has no impact on existing users (for example, in a development-only branch),
feel free to raise it via a standard GitHub bug report issue.

If the issue could have a security impact on BookStack instances, please use one of the methods
below to report the vulnerability:

  • Directly contact the lead maintainer @ssddanbrown.
  • Disclose via huntr.dev.
    • Bounties may be available to you through this platform.
    • Be sure to use https://github.com/BookStackApp/BookStack as the repository URL.

Please be patient while the vulnerability is being reviewed. Deploying the fix to address the vulnerability
can often take a little time due to the amount of preparation required to ensure the vulnerability has
been covered and to create the content required to adequately notify the user base.

Thank you for keeping BookStack instances safe!