# Security Policy

## Versions

Due to the nature of our project - being open source - we have decided to patch only the latest major release (currently v1.x) for security vulnerabilities.

## How to disclose

Please use [huntr.dev](https://huntr.dev/) for security issues that affect our project. If you believe you have found a vulnerability, please disclose it via [this form](https://huntr.dev/bounties/disclose/?target=https://github.com/flarum/core).

This will enable us to **review** the vulnerability, **fix** it promptly, and **reward** you for your efforts.

If you have any questions about the process, feel free to reach out to security@huntr.dev or security@flarum.org.