sanic/SECURITY.md

# Security Policy

## Supported Versions

Sanic releases long term support release once a year in December. LTS releases receive bug and security updates for **24 months**. Interim releases throughout the year occur every three months, and are supported until the subsequent interim release.

| Version | LTS           | Supported          |
| ------- | ------------- | ------------------ |
| 20.12   | until 2022-12 | :heavy_check_mark: |
| 20.9    |               | :x:                |
| 20.6    |               | :x:                |
| 20.3    |               | :x:                |
| 19.12   | until 2021-12 | :white_check_mark: |
| 19.9    |               | :x:                |
| 19.6    |               | :x:                |
| 19.3    |               | :x:                |
| 18.12   |               | :x:                |
| 0.8.3   |               | :x:                |
| 0.7.0   |               | :x:                |
| 0.6.0   |               | :x:                |
| 0.5.4   |               | :x:                |
| 0.4.1   |               | :x:                |
| 0.3.1   |               | :x:                |
| 0.2.0   |               | :x:                |
| 0.1.9   |               | :x:                |

:white_check_mark: = security/bug fixes
:heavy_check_mark: = full support

## Reporting a Vulnerability

If you discover a security vulnerability, we ask that you **do not** create an issue on GitHub. Instead, please [send a message to the core-devs](https://community.sanicframework.org/g/core-devs) on the community forums. Once logged in, you can send a message to the core-devs by clicking the message button.

This will help to not publicize the issue until the team can address it and resolve it.