mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-25 21:54:14 -08:00
5014a95d9a
Some checks are pending
Crowdin Action / upload-sources-to-crowdin (push) Waiting to run
Docker images (Alpine) / docker (push) Waiting to run
Docker images / docker (push) Waiting to run
Tests in MySQL / PHP ${{ matrix.php-version }} (8.1) (push) Waiting to run
Tests in MySQL / PHP ${{ matrix.php-version }} (8.2) (push) Waiting to run
Tests in MySQL / PHP ${{ matrix.php-version }} (8.3) (push) Waiting to run
Tests in SQLite / PHP ${{ matrix.php-version }} (8.1.1) (push) Waiting to run
Signed-off-by: snipe <snipe@snipe.net>
30 lines
1.1 KiB
Markdown
30 lines
1.1 KiB
Markdown
# Security Policy
|
|
|
|
We take security issues very seriously, and will always attempt to address any
|
|
vulnerabilities as quickly as possible.
|
|
|
|
## Supported Versions
|
|
|
|
We try to make a reasonable effort to support older versions of Snipe-IT,
|
|
however there are times when library dependencies and/or PHP/MySQL dependencies
|
|
make it impossible to backport security fixes on older versions.
|
|
|
|
| Version | Supported |
|
|
|---------| ------------------ |
|
|
| 7.x | :white_check_mark: |
|
|
| 6.x | :x: |
|
|
| 5.1.x | :x: |
|
|
| 5.0.x | :x: |
|
|
| 4.0.x | :x: |
|
|
| < 4.0 | :x: |
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
Security vulnerabilities should be sent to security@snipeitapp.com. You can typically expect a
|
|
response within two business days, and we typically have fixes out in under a week from the initial disclosure.
|
|
|
|
This obviously varies based on the severity of the security issue and the difficulty in remediation,
|
|
but those have historically been the timelines we worm around.
|
|
|
|
For a full breakdown of our security policies, please see https://snipeitapp.com/security.
|