From cedbbb0c769223a679f1af63c0c03b1519035606 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sat, 1 Mar 2025 16:45:36 +0100 Subject: [PATCH] [ticket/17478] Add security policy file PHPBB-17478 --- SECURITY.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..09762ad9ac --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,24 @@ +# Security Policy + +## Supported Versions + +Only phpBB 3.3 is currently supported. The table below lists provides an overview of phpBB versions and their current support state: + +| Version | Supported | Comment | +|---------|--------------------|----------------------------------------------------------------------------------------------------| +| 4.0.x | :x: | Not released yet, still in development | +| 3.3.x | :white_check_mark: | Current stable release | +| 3.2.x | :x: | [End of Life (EoL) in Nov 2020](https://www.phpbb.com/community/viewtopic.php?t=2573411) | +| 3.1.x | :x: | [End of Life (EoL) in December 2017](https://www.phpbb.com/community/viewtopic.php?t=2453376) | +| 3.0.x | :x: | [End of Life (EoL) in November 2015](https://www.phpbb.com/community/viewtopic.php?f=14&t=2302466) | +| < 3.0 | :x: | [End of Life (EoL) in October 2008](https://www.phpbb.com/community/viewtopic.php?t=900655) | + +## Reporting a Vulnerability + +There are multiple ways a potential security vulnerability can be reported: + +- HackerOne: [phpBB | Vulnerability Disclosure Program | HackerOne](https://hackerone.com/phpbb) +- Send an email: [security@phpbb.com](mailto:security@phpbb.com) +- Create a report in the security tracker: [Security Tracker](https://www.phpbb.com/security/) + +Please provide as much detail as possible when reporting a vulnerability. You can expect to receive an update on your report within a few days. If the vulnerability is accepted, we will work on a fix and keep you informed of the progress. If the vulnerability is declined, we will provide an explanation.