# Security Policy

## Reporting a Vulnerability

First things first: **Do NOT report security vulnerabilities in public issues!**

Please disclose responsibly by sending
a mail at security@workadventu.re (you can also ping us in the GitHub issues, but please, no details in the issues!)

We will assess the issue as soon as possible on a best-effort basis and will give you an estimate for when we have a fix 
and release available for an eventual public disclosure.

We do not have a bug bounty program.

## Supported Versions

We only apply security patches on the latest tagged release and on the `master` and `develop` branches

Unless specified otherwise, do not expect us to fix security issues on past releases. We are only maintaining one release:
the latest one, which is online at https://play.workadventu.re.