# Security Policy ## Reporting a Vulnerability **Please do not use GitHub issues for security-sensitive communication.** The LibreTime maintainers ask that known and suspected vulnerabilities to be privately and responsibly disclosed by: - sending all the required detail to [security@libretime.org](security@libretime.org), - or by filling a [security advisory on Github](https://github.com/libretime/libretime/security/advisories/new). A LibreTime maintainer will acknowledged the report within 3 working days. We aim to provide a security patch within 30 days, after this period the report will be disclosed to the public. The security patch will be distributed for the [maintained versions of LibreTime](https://libretime.org/docs/releases/#distributions-releases-support).