1*d62fa391SGreg Roach# Security Policy 2*d62fa391SGreg Roach 3*d62fa391SGreg Roach## Supported Versions 4*d62fa391SGreg Roach 5*d62fa391SGreg RoachThe latest versions of the 1.7 and 2.0 branches are supported for security issues. 6*d62fa391SGreg Roach 7*d62fa391SGreg Roach## Reporting a Vulnerability 8*d62fa391SGreg Roach 9*d62fa391SGreg Roach**Please do not report security vulnerabilities through public GitHub issues.** 10*d62fa391SGreg Roach 11*d62fa391SGreg Roach**Please do not report security vulnerabilities on the project forum.** 12*d62fa391SGreg Roach 13*d62fa391SGreg RoachSecurity issues should be reported directly to the project maintainer, 14*d62fa391SGreg Roach[Greg Roach](mailto:greg@subaqua.co.uk). 15*d62fa391SGreg Roach 16*d62fa391SGreg Roach## Timescales 17*d62fa391SGreg Roach 18*d62fa391SGreg RoachYou should expect an acknowledgement within 24 hours. 19*d62fa391SGreg Roach 20*d62fa391SGreg RoachRemember that not all emails get delivered, and that some parts of the world do 21*d62fa391SGreg Roachnot have internet access. 22*d62fa391SGreg RoachIf you do not get a reply, please send a follow-up email. 23*d62fa391SGreg RoachIf there is still no reply, try to make contact through the project forum 24*d62fa391SGreg Roachat www.webtrees.net 25*d62fa391SGreg Roach 26*d62fa391SGreg RoachDepending on the complexity and severity of the issue, I will aim to publish 27*d62fa391SGreg Roacha fix within 2-7 days. 28*d62fa391SGreg Roach 29*d62fa391SGreg Roach## Disclosure 30*d62fa391SGreg Roach 31*d62fa391SGreg RoachPlease wait for the fix to become available before publishing details of the issue. 32*d62fa391SGreg Roach 33*d62fa391SGreg Roach## Attribution 34*d62fa391SGreg Roach 35*d62fa391SGreg RoachIf you would like to be credited for your discovery, please say so. 36