Only the [latest version](https://github.com/BookStackApp/BookStack/releases) of BookStack is supported.

We generally don't support older versions of BookStack due to maintenance effort and

since we aim to provide a fairly stable upgrade path for new versions.

If you'd like to be notified of new potential security concerns you can [sign-up to the BookStack security mailing list](https://updates.bookstackapp.com/signup/bookstack-security-updates).

If you've found an issue that likely has no impact to existing users (For example, in a development-only branch)

feel free to raise it via a standard GitHub bug report issue.

If the issue could have a security impact to BookStack instances, please use one of the below

methods to report the vulnerability:

- Directly contact the lead maintainer [@ssddanbrown](https://github.com/ssddanbrown).

- You will need to login to be able to see the email address on the [GitHub profile page](https://github.com/ssddanbrown).

- Alternatively you can send a DM via Twitter to [@ssddanbrown](https://twitter.com/ssddanbrown).

- [Disclose via huntr.dev](https://huntr.dev/bounties/disclose)

- Bounties may be available to you through this platform.

- Be sure to use `https://github.com/BookStackApp/BookStack` as the repository URL.

Please be patient while the vulnerability is being reviewed. Deploying the fix to address the vulnerability

can often take a little time due to the amount of preparation required, to ensure the vulnerability has

been covered, and to create the content required to adequately notify the user-base.

Thank you for keeping BookStack instances safe!