# Security Policy

## Supported Versions

| Version | Supported          |
| ------- | ------------------ |
| 2.1.x   | :white_check_mark: |
| 2.0.x   | :white_check_mark: |
| 1.x     | :x:                |

## Reporting a Vulnerability

To report a security issue use [Security Advisories](https://github.com/SimpleMachines/SimpleDesk/security/advisories).

## The process
When we receive your report, it will be validated with our team.  This includes testing the vulnerabilities.  We don't require a Proof of Concept script/tool, but we do welcome them as they can improve the ability to validate the report and test against the patches.

Once validated, our team will work on patching.

Due to our small team size and because we are all volunteers, we do not have timelines we can give beyond estimates.

## Credits
We are open to giving credits to individuals or organizations for proper reporting and keeping the issue private until we have made the release.  We will ask you after validation on this.  We reserve the right to refuse or limit how we credits.  We typically do not provide credits for publicly known vulnerabilities or if the information is released prior to us making the official release.

## Bounties
This project does not have any source of income and we do not have the funds to pay bounties.

# Thank you
Thank you to all those who help us by scanning our repositories and reviewing our code.  Your efforts go a long way to ensuring our community is receiving a secure product to use.