espocrm/.github/SECURITY.md
2026-04-17 15:23:27 +03:00

Security Policy

Reporting a vulnerability

If you believe you have discovered a vulnerability in EspoCRM, please contact us via this or this form, or create a private vulnerability report on GitHub.

Reports we do not accept:

  • Executing PHP code by an extension or during the installation or upgrade process.
  • Exposing contacts through a target list, campaign or mass email, considering the user has access to them.
  • SSRF in IMAP/SMTP with TOCTOU.

Supported versions

For severe vulnerabilities we provide fixes for 2 minor versions (the second number in the version string) back from the current stable version.