gogs/SECURITY.md

Security policy

Supported versions

Only lastest two minor version releases are supported for accepting vulnerability reports and patching for fixes.

Reporting a vulnerability

Please create a dummy issue with high-level description of the security vulnerability, then report details to security@gogs.io privately.

We strongly enourage to use https://huntr.dev/ for submitting and managing status of vulnerability reports instead of emails.

Thank you!