# Security Policy

This document outlines the Security Policy for e107:

  * [Supported Versions](#supported-versions)
  * [Disclosure Policy](#disclosure-policy)
  * [Comments on this Policy](#comments-on-this-policy)

## Supported Versions

We release patches for security vulnerabilities in e107 from v2.0.0 onwards. The latest available version can be found in [Releases](https://github.com/e107inc/e107/releases). 

| Version | Supported          |
| ------- | ------------------ |
| 2.x.x   | :white_check_mark: |
| < 1.0.4   | :x:              |

## Disclosure Policy

The e107 team and community takes all security related reports seriously. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions. 

**Please submit your security reports by emailing security@e107.org**

When the security team receives a security report, they will assign it to a primary handler. This person will coordinate the fix and release process, involving the following steps:

  * Confirm the problem and determine the affected versions.
  * Audit code to find any potential similar problems.
  * Prepare fixes for all releases still under maintenance. These fixes will be released as fast as possible.

Please report security vulnerabilities in third-party plugins/themes to the person or team maintaining the plugin/theme.

## Comments on this Policy

If you have suggestions on how this process could be improved please submit a pull request.