30 lines
1.4 KiB
Markdown
30 lines
1.4 KiB
Markdown
# Security Policy
|
|
|
|
## Supported Versions
|
|
|
|
We are focusing our security updates on the following versions
|
|
|
|
| Version | Supported |
|
|
| ------- | ------------------ |
|
|
| 1.7.x | :white_check_mark: |
|
|
| 1.6.x | :warning: |
|
|
| < 1.6 | :x: |
|
|
|
|
## :warning: Versions
|
|
|
|
Versions with :warning: will be supported for security issues, however you won't be able to update to them, you will need to manually update through the [`direct-install` command](https://learn.getgrav.org/17/admin-panel/tools).
|
|
|
|
If you cannot update to the latest stable version available because, for example, your server does not meet the minimum PHP requirements, you can manually install a previous version by downloading the package from our Releases directory (https://github.com/getgrav/grav/releases).
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
Please contact security@getgrav.org with a detailed explanation of the security issue found. If it appears to be a legitimate issues, please submit an **advisory via GitHub Security**: https://github.com/getgrav/grav/security/advisories
|
|
|
|
>> NOTE: Please do not use 3rd party security issue reporting services, we like to keep everything in the GitHub ecosystem for easier manageability.
|
|
|
|
## Bug Bounties
|
|
|
|
We do greatly appreciate your efforts to improve Grav, but unfortunately because we are a small open source project, we **do not have the resources to offer bounties** for security issues found.
|
|
|
|
|