espocrm/.github/SECURITY.md

Security Policy

Reporting a vulnerability

If you believe you have discovered a vulnerability in EspoCRM, please contacts us via this or this forms. Or create a private vulnerability report on GitHub.

LLM slop

Low-effort, LLM-generated reports are not allowed. In such cases, if it is evident that the author does not understand the subject they submitted, the account will be blocked.

Supported versions

For severe vulnerabilities we provide fixes for 2 minor versions (the second number in the version string) back from the current stable version.