# Security policy

## Supported versions

Only lastest two minor version releases are supported for accepting vulnerability reports and patching for fixes.

## Reporting a vulnerability

Please create a dummy issue with high-level description of the security vulnerability, then report details to [security@gogs.io](mailto:security@gogs.io) privately.

We strongly enourage to use https://huntr.dev/ for submitting and managing status of vulnerability reports instead of emails.

Thank you!