picocms/SECURITY.md

Security Policy

Supported Versions

Only the most recent stable version of Pico is supported.

Reporting a Vulnerability

To mitigate the impact of possible security issues we ask you to disclose any security issues with Pico privately first ("responsible disclosure"). To do so please send an email to Pico's lead developer:

Daniel Rudolf <picocms.org@daniel-rudolf.de>

You should receive an answer within 48 hours.

All messages with valid security reports will be puslished on GitHub in full text.