|
2 | 2 |
|
3 | 3 | ## Supported Versions |
4 | 4 |
|
5 | | -The following versions of Pterodactyl are receiving active support and maintenance. Any security vulnerabilities discovered must be reproducible in supported versions. |
6 | | - |
7 | | -| Panel | Daemon | Supported | |
8 | | -|--------|--------------|--------------------| |
9 | | -| 1.11.x | wings@1.11.x | :white_check_mark: | |
10 | | -| 0.7.x | daemon@0.6.x | :x: | |
| 5 | +Pterodactyl only provides security support for the latest `major.minor` versions of the Panel and Wings software. |
| 6 | +If a security vulnerability is found in an older version but cannot be reproduced on a supported version it will |
| 7 | +not be considered. Additionally, security issues found in unreleased code will be addressed, but do not warrant a |
| 8 | +security advisory. |
11 | 9 |
|
| 10 | +For example, if the latest version of the Panel is `1.2.5` then we only support security reports for issues that |
| 11 | +occur on `>= 1.2.x` versions of the Panel software. The Panel and Wings have their own versions, but they generally |
| 12 | +follow eachother. |
12 | 13 |
|
13 | 14 | ## Reporting a Vulnerability |
14 | 15 |
|
15 | | -Please reach out directly to any project team member on Discord when reporting a security vulnerability, or you can email `security@pterodactyl.io`. |
| 16 | +Please use our GitHub Security reporting meachnism to quickly alert the team to any security issues you come across, |
| 17 | +or send an email to `security@pterodactyl.io` with the details of your report. |
16 | 18 |
|
17 | | -We make every effort to respond as soon as possible, although it may take a day or two for us to sync internally and determine the severity of the report and its impact. Please, _do not_ use a public facing channel or GitHub issues to report sensitive security issues. |
| 19 | +We make every effort to respond as soon as possible, although it may take a day or two for us to sync internally and |
| 20 | +determine the severity of the report and its impact. Please, _do not_ use a public facing channel or GitHub issues to |
| 21 | +report sensitive security issues. |
18 | 22 |
|
19 | | -As part of our process, we will create a security advisory for the affected versions and disclose it publicly, usually two to four weeks after a releasing a version that addresses it. |
| 23 | +As part of our process, we will create a security advisory for the affected versions and disclose it publicly, usually |
| 24 | +two to four weeks after a releasing a version that addresses it. |
0 commit comments