Skip to content

SECURITY.md

Security Policy

Supported Versions

As of November 2019 (and until this document is updated), only the v3.0.0-beta tags of Strapi are supported for updates. Any previous versions are currently not supported and users are advised to use them "at their own risk".

Reporting a Vulnerability

Please report (suspected) security vulnerabilities to security@strapi.io or via the Strapi Slack.

When reporting a (suspected) security vulnerability via slack please reach out to any of the following Strapi employees directly:

  • @aureliengeorget
  • @alexandre
  • @lauriejim
  • @soupette

You will receive a response from us within 72 hours. If the issue is confirmed, we will release a patch as soon as possible depending on complexity but historically within a few days.

You can’t perform that action at this time.