| Version | Supported |
|---|---|
| 1.0.x | ✅ |
If you discover a security vulnerability in Ghost, please report it responsibly:
- Do not open a public GitHub issue.
- Contact the maintainer directly via GitHub private message to @arkanzasfeziii.
- Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment: Within 48 hours.
- Assessment: Within 7 days.
- Fix release: Within 30 days for confirmed vulnerabilities.
This security policy covers vulnerabilities in the Ghost framework code itself. It does not cover vulnerabilities discovered in target systems during authorized penetration testing.
We follow a coordinated disclosure process. We ask that you give us reasonable time to address the issue before making any information public.