diff --git a/SECURITY.md b/SECURITY.md index 09762ad9ac..b62f160225 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,24 +1,13 @@ # Security Policy -## Supported Versions - -Only phpBB 3.3 is currently supported. The table below lists provides an overview of phpBB versions and their current support state: - -| Version | Supported | Comment | -|---------|--------------------|----------------------------------------------------------------------------------------------------| -| 4.0.x | :x: | Not released yet, still in development | -| 3.3.x | :white_check_mark: | Current stable release | -| 3.2.x | :x: | [End of Life (EoL) in Nov 2020](https://www.phpbb.com/community/viewtopic.php?t=2573411) | -| 3.1.x | :x: | [End of Life (EoL) in December 2017](https://www.phpbb.com/community/viewtopic.php?t=2453376) | -| 3.0.x | :x: | [End of Life (EoL) in November 2015](https://www.phpbb.com/community/viewtopic.php?f=14&t=2302466) | -| < 3.0 | :x: | [End of Life (EoL) in October 2008](https://www.phpbb.com/community/viewtopic.php?t=900655) | - ## Reporting a Vulnerability +Please do not post potential security vulnerabilities publicly. Instead, report them to the phpBB team. +We take security very seriously and will respond to reports about potential security vulnerabilities as quickly as possible. There are multiple ways a potential security vulnerability can be reported: - HackerOne: [phpBB | Vulnerability Disclosure Program | HackerOne](https://hackerone.com/phpbb) -- Send an email: [security@phpbb.com](mailto:security@phpbb.com) - Create a report in the security tracker: [Security Tracker](https://www.phpbb.com/security/) +- Send an email: [security@phpbb.com](mailto:security@phpbb.com) Please provide as much detail as possible when reporting a vulnerability. You can expect to receive an update on your report within a few days. If the vulnerability is accepted, we will work on a fix and keep you informed of the progress. If the vulnerability is declined, we will provide an explanation.