As a U.S. Government agency, the General Services Administration (GSA) takes seriously our responsibility to protect the public's information, including financial and personal information, from unwarranted disclosure.
Software developed by the U.S. General Services Administration (GSA) is subject to the GSA Vulnerability Disclosure Policy.
Please consult our policy for:
- How to submit a report if you believe you have discovered a vulnerability.
- GSA's coordinated disclosure policy.
- Information on how you may conduct security research on GSA developed software and systems.
- Important legal and policy guidelines.
Please note that only certain branches are supported with security updates.
| Version (Branch) | Supported |
|---|---|
| main | ✅ |
| other | ❌ |
When using this code or reporting vulnerabilities please only use supported versions.
Use this section to tell people how to report a vulnerability.
Tell them where to go, how often they can expect to get an update on a reported vulnerability, what to expect if the vulnerability is accepted or declined, etc.