# Security Policy

## Supported Versions

| Version | Supported          |
| ------- | ------------------ |
| 2.4.x   | :white_check_mark: |
| <2.4.x   | :x:                |

## Reporting a Vulnerability

Please report any security issues via email to security@getontracks.org.
If you don't get a reply for your email, resend the email after one week.
If there's still no reply, open an issue in the issue queue but *do not
disclose the details* in the issue, only ask about the reply and status.

You can (and should) encrypt the email you send with OpenGPG key
0x8af45b6854414d2d, which you can find for example in pool.sks-keyservers.net.

Unfortunately Tracks is not part of a bug bounty program, but we do provide
appropriate credits for disclosing security issues.