Skip to content

Security: theshoregroup/snipe-it

Security

SECURITY.md

Security Policy

We take security issues very seriously, and will always attempt to address any vulnerabilities as quickly as possible.

Supported Versions

We try to make a reasonable effort to support older versions of Snipe-IT, however there are times when library dependencies and/or PHP/MySQL dependencies make it impossible to backport security fixes on older versions.

Version Supported
5.1.x
5.0.x
4.0.x
< 4.0

Reporting a Vulnerability

Security vulnerabilities should be sent to [email protected]. You can typically expect a response within two business days, and we typically have fixes out in under a week from the initial disclosure.

This obviously varies based on the severity of the security issue and the difficulty in remediation, but those have historically been the timelines we worm around.

For a full breakdown of our security policies, please see https://snipeitapp.com/security.

There aren’t any published security advisories