The following versions are supported and will receive security updates, depending on the vulnerability:
| Version | Supported |
|---|---|
| > 2.x | ✅ |
| > 1.x | ✅ |
| < 1.0 | ❌ |
DO NOT PUBLISH SECURITY REPORTS PUBLICLY.
(Since no-one is waiting for a zero-day vulnerability!)
If you find any issue that might have security implications, please send a report through the security advisories form: https://github.com/phpro/grumphp/security/advisories. A vulnerability reported through this form is visible to the owners only.
From there on, we can triage the issue and start fixing it.
GrumPHP is an open-source project where most of the work is done by volunteers. We appreciate that developers try to find security issues in GrumPHP and report them responsibly, but we are currently unable to pay bug bounties.