2020-03-25 06:14:24 +08:00
|
|
|
# Security Policy
|
|
|
|
|
|
|
|
|
|
## Supported Versions
|
|
|
|
|
|
|
|
|
|
See [RabbitMQ Release Series](https://www.rabbitmq.com/versions.html) for a list of currently supported
|
|
|
|
|
versions.
|
|
|
|
|
|
|
|
|
|
Vulnerabilities reported for versions out of support will not be investigated.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
|
|
2023-06-20 19:40:13 +08:00
|
|
|
Please responsibly disclosure vulnerabilities to `rabbitmq-core@groups.vmware.com` and include the following information:
|
2020-03-25 06:14:24 +08:00
|
|
|
|
|
|
|
|
* RabbitMQ and Erlang versions used
|
|
|
|
|
* Operating system used
|
|
|
|
|
* A set of steps to reproduce the observed behavior
|
2022-08-16 15:50:10 +08:00
|
|
|
* An archive produced by [rabbitmq-collect-env](https://github.com/rabbitmq/support-tools/blob/main/scripts/rabbitmq-collect-env)
|
2023-06-20 19:40:13 +08:00
|
|
|
|
2020-03-25 06:14:24 +08:00
|
|
|
RabbitMQ core team will get back to you after we have triaged the issue. If there's no sufficient reproduction
|
|
|
|
|
information available, we won't be able to act on the report.
|
2023-06-20 19:40:13 +08:00
|
|
|
|
2020-03-25 06:14:24 +08:00
|
|
|
RabbitMQ core team does not have a security vulnerability bounty programme at this time.
|
2023-06-20 19:40:13 +08:00
|
|
|
|
