mirror of
https://github.com/stack-auth/stack.git
synced 2026-06-13 21:01:21 +08:00
7920440eb6
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Co-authored-by: zai@stack-auth.com <zai@stack-auth.com>
16 lines
1.0 KiB
Markdown
16 lines
1.0 KiB
Markdown
# Security Policy
|
|
|
|
## Supported Versions
|
|
|
|
Only the latest versions of Stack Auth's server and client packages are supported. We do not provide security updates for older versions.
|
|
|
|
If you would like to get security consulting regarding older versions of on-prem or self-hosted deployments of Stack Auth, please [contact us](mailto:team@stack-auth.com).
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
Stack Auth practices [responsible disclosure](https://en.wikipedia.org/wiki/Coordinated_vulnerability_disclosure). This helps us protect our users, but requires your cooperation.
|
|
|
|
Please disclose security vulnerabilities responsibly by emailing us at security@stack-auth.com. In this case, we will get back to you within 96 hours, and aim to get a fix released as soon as possible. We will disclose the issue publicly after at most 90 days.
|
|
|
|
Hence, we ask you not to publicize issues until the 90 days deadline is over. Also, please do not create GitHub issues with security vulnerabilities; instead, email us directly at the address above.
|