From b00f43adddc4aeaa9e0fc38a4a855031e1698b53 Mon Sep 17 00:00:00 2001
From: Yurii <yurikuzn@users.noreply.github.com>
Date: Fri, 17 Apr 2026 15:23:27 +0300
Subject: [PATCH] Update security

---
 .github/SECURITY.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/SECURITY.md b/.github/SECURITY.md
index 5dd9862c66..f3e0f2498c 100644
--- a/.github/SECURITY.md
+++ b/.github/SECURITY.md
@@ -8,6 +8,7 @@ What reports we do not accept:
 
 - Executing PHP code by an extension or during the installation or upgrade process.
 - Exposing contacts though a target list, campaign or mass email, considering the user has access to them.
+- SSRF in IMAP/SMTP with TOCTOU.
 
 ## Supported versions