We take security issues very seriously, and will always attempt to address any vulnerabilities as quickly as possible.
We try to make a reasonable effort to support older versions of Snipe-IT, however there are times when library dependencies and/or PHP/MySQL dependencies make it impossible to backport security fixes on older versions.
| Version | Supported |
|---|---|
| 5.1.x | ✅ |
| 5.0.x | ❌ |
| 4.0.x | ✅ |
| < 4.0 | ❌ |
Security vulnerabilities should be sent to security@snipeitapp.com. You can typically expect a response within two business days, and we typically have fixes out in under a week from the initial disclosure.
This obviously varies based on the severity of the security issue and the difficulty in remediation, but those have historically been the timelines we worm around.
For a full breakdown of our security policies, please see https://snipeitapp.com/security.