analytics/SECURITY.md

16 lines
1.1 KiB
Markdown
Raw Normal View History

2021-03-04 12:40:20 +03:00
# Security Policy
## Supported Versions
2021-03-04 12:40:57 +03:00
We only add security updates to the latest MAJOR.MINOR version of the project. No security updates are backported to previous versions. If you
2021-03-04 12:40:20 +03:00
want be up to date on security patches, make sure your Plausible image is up to date with `plausible/analytics:latest`
## Reporting a Vulnerability
2023-11-27 23:59:26 +03:00
Our software is updated several times per week and we also have a way for you to [report any security vulnerabilities](https://plausible.io/vulnerability-disclosure-program). A more detailed overview about our security practices can be found on [plausible.io/security](https://plausible.io/security).
2021-03-04 12:40:20 +03:00
If you've found a security vulnerability with the Plausible codebase, you can disclose it responsibly by sending a summary to security@plausible.io.
2021-09-20 17:30:56 +03:00
We will review the potential threat and fix it as fast as we can.
While we do not have a bounty program in place yet, we are incredibly thankful for people who take the time to share their findings with us. Whether it's a tiny bug that you've found or a security vulnerability, all reports help us to continuously improve Plausible for everyone. Thank you!