# Security Policy

## Supported Versions

| Version  | Supported          |
| -------- | ------------------ |
| 6.3.x    | :white_check_mark: |
| <= 6.2.x | :x:                |

## Reporting a Vulnerability

If you've found a security vulnerability in Zammad,
please report the vulnerability exclusively via email
to [security@zammad.com](mailto:security@zammad.com).

To send us a secure message, please use our public key below:

```rsa
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEZVsi2RYJKwYBBAHaRw8BAQdAIm/0t+RboVPq5syrc0n9hP3UPH7xok7mNCqM
5R39oZi0JVphbW1hZCBTZWN1cml0eSA8c2VjdXJpdHlAemFtbWFkLmNvbT6ImQQT
FgoAQRYhBARIHz68FJQ7lF5Ox7snHWG50ZiEBQJlWyLZAhsDBQkSzAMABQsJCAcC
AiICBhUKCQgLAgQWAgMBAh4HAheAAAoJELsnHWG50ZiEM+MBAMMdppJHzPNRdgke
bv7+z591+LrQqsKJUBUHjlujsxrbAQCF9RRf2CSTaF2SBD9vrGxdL58Bb/AVs1t6
ZX/Xf/ozDLg4BGVbItkSCisGAQQBl1UBBQEBB0DtyQW5YnpS1MQ+umPKax706r+R
RJZRO63fma5e+rhaKgMBCAeIfgQYFgoAJhYhBARIHz68FJQ7lF5Ox7snHWG50ZiE
BQJlWyLZAhsMBQkSzAMAAAoJELsnHWG50ZiE9w8BAKj36yLaf7do05ObiTjpFR5P
iDa6aRHJSWDpdut8Q19jAQCfH1WZ2M/2VK0E03k6zcfc56m+z1gwdkq78dAunte2
BA==
=GDpl
-----END PGP PUBLIC KEY BLOCK-----
```

We will get back to you as soon as possible and inform
you about the next steps. Accepted vulnerabilities will
be disclosed via patch level release with accompanying
security advisory.

## Rewards

Every first reporter of a vulnerability may be credited
in the related security advisory.

Zammad does not offer financial compensation through a
security bounty program.