# Security Policy

## Supported Versions

| Version | Supported          |
| ------- | ------------------ |
| 1.4.x   | :white_check_mark: |
| < 1.4.0 | :x:                |

## Reporting a Vulnerability

When a vulnerability is found, please *DO NOT* file a public issue. Instead,
send an email to one of the core [maintainers](MAINTAINERS.md) and await
acknowledgement _OR_ file a [private security issue](https://github.com/project-zot/zot/security/advisories). 
Normally we expect to resolve the issue in 60 days. However should there be an exception
the team will reach out for next steps.