# Security policy

## Reporting a vulnerability

We love responsible reports of (potential) security issues in Zulip,
whether in the latest release or our development branch.

Our security contact is security@zulip.com. Reporters should expect a
response within 24 hours.

Please include details on the issue and how you'd like to be credited
in our release notes when we publish the fix.

Our [security model][security-model] document may be a helpful
resource.

## Security announcements

We send security announcements to our [announcement mailing
list](https://groups.google.com/g/zulip-announce). If you are running
Zulip in production, you should subscribe, by clicking "Join group" at
the top of that page.

## Supported versions

Zulip provides security support for the latest major release, in the
form of minor security/maintenance releases.

We work hard to make [upgrades][upgrades] reliable, so that there's no
reason to run older major releases.

See also our documentation on the [Zulip release
lifecycle][release-lifecycle].

[security-model]: https://zulip.readthedocs.io/en/latest/production/security-model.html
[upgrades]: https://zulip.readthedocs.io/en/latest/production/upgrade-or-modify.html#upgrading-to-a-release
[release-lifecycle]: https://zulip.readthedocs.io/en/latest/overview/release-lifecycle.html