mirror of
https://github.com/snipe/snipe-it.git
synced 2024-11-14 01:24:06 -08:00
28 lines
1.1 KiB
Markdown
28 lines
1.1 KiB
Markdown
# Security Policy
|
|
|
|
We take security issues very seriously, and will always attempt to address any
|
|
vulnerabilities as quickly as possible.
|
|
|
|
## Supported Versions
|
|
|
|
We try to make a reasonable effort to support older versions of Snipe-IT,
|
|
however there are times when library dependencies and/or PHP/MySQL dependencies
|
|
make it impossible to backport security fixes on older versions.
|
|
|
|
| Version | Supported |
|
|
| ------- | ------------------ |
|
|
| 5.1.x | :white_check_mark: |
|
|
| 5.0.x | :x: |
|
|
| 4.0.x | :white_check_mark: |
|
|
| < 4.0 | :x: |
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
Security vulnerabilities should be sent to security@snipeitapp.com. You can typically expect a
|
|
response within two business days, and we typically have fixes out in under a week from the initial disclosure.
|
|
|
|
This obviously varies based on the severity of the security issue and the difficulty in remediation,
|
|
but those have historically been the timelines we worm around.
|
|
|
|
For a full breakdown of our security policies, please see https://snipeitapp.com/security.
|