# Security Policy

## Supported Versions

* For security issues with high-impacts (e.g. related to payments or user permission), we support 3.8.x and all 4.x version. But the fix for 4.x will released only in latest sub-version.
* For all other security issues, we mainly support version >= 4.x (in which `x` is the latest stable sub-version).

## Reporting a Vulnerability

Please send the details about the security issue to `support@cloudreve.org`. Once the vulnerability is comfirmed or fixed, you will get updates from the email thread.

We will reward you with bounty/swag for success submission of securty issues.