# Security Policy

## Supported Versions

To receive fixes for security vulnerabilities it is required to always upgrade to the latest version of CodeOcean. 
See https://github.com/openHPI/codeocean/tree/master for the latest version.

## Reporting a Vulnerability

If you have found a vulnerability or you are uncertain whether what you have discovered is a vulnerability,
please send an email to sebastian.serth@hpi.de ([GPG Key](https://github.com/mrserth.gpg)).

If you have a patch for the issue please use `git format-patch` and attach it to the email. Please do not open an issue or 
pull request on GitHub as that may disclose sensitive details around the vulnerability.