xref: /webtrees/SECURITY.md (revision 25ca56c04e6e2e5139d6aabc1dd5b1450c08d319)
1# Security Policy
2
3## Supported Versions
4
5The latest versions of the `main` and `2.1` branches are supported for security issues.
6
7## Reporting a Vulnerability
8
9**Please do not report security vulnerabilities through public GitHub issues.**
10
11**Please do not report security vulnerabilities on the project forum.**
12
13Security issues should be reported directly to the project maintainer,
14[Greg Roach](mailto:greg@subaqua.co.uk).
15
16## Timescales
17
18You should expect an acknowledgement within 24 hours.
19
20Remember that not all emails get delivered, and that some parts of the world do
21not have internet access.
22If you do not get a reply, please send a follow-up email.
23If there is still no reply, try to make contact through the project forum
24at www.webtrees.net
25
26Depending on the complexity and severity of the issue, I will aim to publish
27a fix within 2-7 days.
28
29## Disclosure
30
31Please wait for the fix to become available before publishing details of the issue.
32
33## Attribution
34
35If you would like to be credited for your discovery, please say so.
36