# Security Policy

## Supported Versions

As of May 2022 (and until this document is updated), only the v4.x.x _stable_ releases of Strapi are supported for updates and bug fixes. Any previous versions are currently not supported and users are advised to use them "at their own risk".

- v3.x.x support is limited to Critical/High severity security updates only until December 2022
- v4.x.x is considered LTS until further notice

## Reporting a Vulnerability

Please report (suspected) security vulnerabilities to
**[security@strapi.io](mailto:security@strapi.io)**.

You will receive a response from us within 72 hours. If the issue is confirmed,
we will release a patch as soon as possible depending on complexity
but historically within a few days.