Skip to content

Security: theodor-franke/BookStack

Security

.github/SECURITY.md

Security Policy

Supported Versions

Only the latest version of BookStack is supported. We generally don't support older versions of BookStack due to maintenance effort and since we aim to provide a fairly stable upgrade path for new versions.

Security Notifications

If you'd like to be notified of new potential security concerns you can sign-up to the BookStack security mailing list.

Reporting a Vulnerability

If you've found an issue that likely has no impact to existing users (For example, in a development-only branch) feel free to raise it via a standard GitHub bug report issue.

If the issue could have a security impact to BookStack instances, please use one of the below methods to report the vulnerability:

  • Directly contact the lead maintainer @ssddanbrown.
  • Disclose via huntr.dev
    • Bounties may be available to you through this platform.
    • Be sure to use https://github.com/BookStackApp/BookStack as the repository URL.

Please be patient while the vulnerability is being reviewed. Deploying the fix to address the vulnerability can often take a little time due to the amount of preparation required, to ensure the vulnerability has been covered, and to create the content required to adequately notify the user-base.

Thank you for keeping BookStack instances safe!

There aren’t any published security advisories