1.4 KiB
Security Policy
Supported Versions
We are focusing our security updates on the following versions
| Version | Supported |
|---|---|
| 1.7.x | ✅ |
| 1.6.x | ⚠️ |
| < 1.6 | ❌ |
⚠️ Versions
Versions with ⚠️ will be supported for security issues, however you won't be able to update to them, you will need to manually update through the direct-install command.
If you cannot update to the latest stable version available because, for example, your server does not meet the minimum PHP requirements, you can manually install a previous version by downloading the package from our Releases directory (https://github.com/getgrav/grav/releases).
Reporting a Vulnerability
Please contact security@getgrav.org with a detailed explanation of the security issue found. If it appears to be a legitimate issues, please submit an advisory via GitHub Security: https://github.com/getgrav/grav/security/advisories
NOTE: Please do not use 3rd party security issue reporting services, we like to keep everything in the GitHub ecosystem for easier manageability.
Bug Bounties
We do greatly appreciate your efforts to improve Grav, but unfortunately because we are a small open source project, we do not have the resources to offer bounties for security issues found.