# Security Policy

## Supported Versions

| Version | GitHub Sources     | Binary Packages    |
| ------- | ------------------ |------------------- |
| master  | :heavy_check_mark: | :heavy_check_mark: |
| 21.x.y  | :heavy_check_mark: | :white_check_mark: |
| 20.x.y  | :heavy_check_mark: | :white_check_mark: |
| 19.2.x  | :heavy_check_mark: | :white_check_mark: |
| 18.2.x  | :x:                | :x:                |
| 17.2.x  | :x:                | :x:                |
| 16.2.x  | :x:                | :x:                |
| 15.2.x  | :x:                | :x:                |
| 14.2.x  | :x:                | :x:                |
| 13.2.x  | :x:                | :x:                |
| 12.4.x  | :x:                | :x:                |

Besides the master-branch of the project, we maintain the three newest major releases.
Binary packages of maintenance releases for the major-branches are usually only shipped to customers with a subscription.
However, if such a release fixes a critical issue, we may consider releasing binary packages to the general public.

## Reporting a security issue

If you find a security-related problem in Bareos, please report it via e-mail to security@bareos.org.
We will try to respond to you within two days.
Please be patient with us.

Together with you, we will then determine a CVSS score and find out which versions of Bareos are vulnerable.
Based on that information we will decide what actions we will take.