mirror of
https://github.com/asterisk/asterisk.git
synced 2026-06-09 11:55:19 +00:00
28 lines
1.2 KiB
Markdown
28 lines
1.2 KiB
Markdown
# Security Policy
|
|
|
|
## Supported Versions
|
|
|
|
The Asterisk project maintains an
|
|
[Asterisk-Versions](https://docs.asterisk.org/About-the-Project/Asterisk-Versions/)
|
|
page on the project's [documentation website](https://docs.asterisk.org).
|
|
Each version is listed with its release date, security fix only date, and end of life
|
|
date. Consult this wiki page to see if the version of Asterisk you are reporting a
|
|
security vulnerability against is still supported.
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
Please see the
|
|
[Asterisk Security Vulnerabilities](https://docs.asterisk.org/About-the-Project/Asterisk-Security-Vulnerabilities/)
|
|
page on the [documentation website](https://docs.asterisk.org) then use the
|
|
"Report a vulnerability" button under the
|
|
["Security"](https://github.com/asterisk/asterisk/security)
|
|
tab of this project's GitHub repository.
|
|
**Never use regular GitHub issues to report security vulnerabilities!**
|
|
|
|
##### Do NOT use the "Start a temporary private fork" security advisory feature!
|
|
|
|
Private forks created from security advisories are severly limited by GitHub
|
|
and cannot run the workflows necessary for validation and testing. Once an
|
|
advisory is accepted, the reporter will be given instructions on how to
|
|
submit or test a fix pull request.
|