Skip to content

Security: NerdyLuffy/strapi

Security

SECURITY.md

Security Policy

Supported Versions

As of May 2020 (and until this document is updated), only the v3.0.0 stable release of Strapi is supported for updates. Any previous versions are currently not supported and users are advised to use them "at their own risk".

Reporting a Vulnerability

Please report (suspected) security vulnerabilities to security@strapi.io or via the Strapi Slack.

When reporting a (suspected) security vulnerability via slack please reach out to any of the following Strapi employees directly:

  • @aureliengeorget
  • @alexandre
  • @lauriejim
  • @soupette

You will receive a response from us within 72 hours. If the issue is confirmed, we will release a patch as soon as possible depending on complexity but historically within a few days.

There aren’t any published security advisories