ateliers55/SECURITY.md

# Security Policy

## Supported Versions

We are focusing our security updates on the following versions

| Version | Supported          |
| ------- | ------------------ |
| 1.7.x   | :white_check_mark: |
| 1.6.x   | :warning:          |
| < 1.6   | :x:                |

## :warning: Versions

Versions with :warning: will be supported for security issues, however you won't be able to update to them, you will need to manually update through the [`direct-install` command](https://learn.getgrav.org/17/admin-panel/tools).

If you cannot update to the latest stable version available because, for example, your server does not meet the minimum PHP requirements, you can manually install a previous version by downloading the package from our Releases directory (https://github.com/getgrav/grav/releases).

## Reporting a Vulnerability

Please contact security@getgrav.org with a detailed explanation of the security issue found.  If it appears to be a legitimate issues, please submit an **advisory via GitHub Security**: https://github.com/getgrav/grav/security/advisories

>> NOTE: Please do not use 3rd party security issue reporting services, we like to keep everything in the GitHub ecosystem for easier manageability.

## Bug Bounties

We do greatly appreciate your efforts to improve Grav, but unfortunately because we are a small open source project, we **do not have the resources to offer bounties** for security issues found.
first commit 2024-03-26 13:31:26 +01:00			`# Security Policy`

			`## Supported Versions`

			`We are focusing our security updates on the following versions`

			`\| Version \| Supported \|`
			`\| ------- \| ------------------ \|`
			`\| 1.7.x \| :white_check_mark: \|`
			`\| 1.6.x \| :warning: \|`
			`\| < 1.6 \| :x: \|`

			`## :warning: Versions`

			Versions with :warning: will be supported for security issues, however you won't be able to update to them, you will need to manually update through the [`direct-install` command](https://learn.getgrav.org/17/admin-panel/tools).

			`If you cannot update to the latest stable version available because, for example, your server does not meet the minimum PHP requirements, you can manually install a previous version by downloading the package from our Releases directory (https://github.com/getgrav/grav/releases).`

			`## Reporting a Vulnerability`

			`Please contact security@getgrav.org with a detailed explanation of the security issue found. If it appears to be a legitimate issues, please submit an advisory via GitHub Security: https://github.com/getgrav/grav/security/advisories`

			`>> NOTE: Please do not use 3rd party security issue reporting services, we like to keep everything in the GitHub ecosystem for easier manageability.`

			`## Bug Bounties`

			`We do greatly appreciate your efforts to improve Grav, but unfortunately because we are a small open source project, we do not have the resources to offer bounties for security issues found.`