# Security Policy ## Supported Versions * For security issues with high impact (e.g. related to payments or user permissions), we support 3.8.x and all 4.x versions. Fixes for 4.x will be released only in the latest sub-version. * For all other security issues, we mainly support versions >= 4.x (where `x` is the latest stable sub-version). ## Reporting a Vulnerability Please report security vulnerabilities privately through GitHub's [Security Advisories](https://github.com/cloudreve/Cloudreve/security/advisories/new) by opening a new draft advisory in this repository. Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests. Once the vulnerability is confirmed or fixed, you will receive updates through the advisory thread.