1d62fa391SGreg Roach# Security Policy 2d62fa391SGreg Roach 3d62fa391SGreg Roach## Supported Versions 4d62fa391SGreg Roach 5*25ca56c0SGreg RoachThe latest versions of the `main` and `2.1` branches are supported for security issues. 6d62fa391SGreg Roach 7d62fa391SGreg Roach## Reporting a Vulnerability 8d62fa391SGreg Roach 9d62fa391SGreg Roach**Please do not report security vulnerabilities through public GitHub issues.** 10d62fa391SGreg Roach 11d62fa391SGreg Roach**Please do not report security vulnerabilities on the project forum.** 12d62fa391SGreg Roach 13d62fa391SGreg RoachSecurity issues should be reported directly to the project maintainer, 14d62fa391SGreg Roach[Greg Roach](mailto:greg@subaqua.co.uk). 15d62fa391SGreg Roach 16d62fa391SGreg Roach## Timescales 17d62fa391SGreg Roach 18d62fa391SGreg RoachYou should expect an acknowledgement within 24 hours. 19d62fa391SGreg Roach 20d62fa391SGreg RoachRemember that not all emails get delivered, and that some parts of the world do 21d62fa391SGreg Roachnot have internet access. 22d62fa391SGreg RoachIf you do not get a reply, please send a follow-up email. 23d62fa391SGreg RoachIf there is still no reply, try to make contact through the project forum 24d62fa391SGreg Roachat www.webtrees.net 25d62fa391SGreg Roach 26d62fa391SGreg RoachDepending on the complexity and severity of the issue, I will aim to publish 27d62fa391SGreg Roacha fix within 2-7 days. 28d62fa391SGreg Roach 29d62fa391SGreg Roach## Disclosure 30d62fa391SGreg Roach 31d62fa391SGreg RoachPlease wait for the fix to become available before publishing details of the issue. 32d62fa391SGreg Roach 33d62fa391SGreg Roach## Attribution 34d62fa391SGreg Roach 35d62fa391SGreg RoachIf you would like to be credited for your discovery, please say so. 36