# Security policy

### Reporting a Vulnerability

{% hint style="success" %}
**SEND REPORTS TO:** [**gitamic@simonhamp.me**](mailto:gitamic@simonhamp.me)\
With the subject line: **Gitamic Security**
{% endhint %}

{% hint style="danger" %}
**DO NOT REPORT SECURITY VULNERABILITIES PUBLICLY**

Please **do not** report them as issues on GitHub or share your discovery on Twitter, Discord or in any other public forum, as this may result in them being exploited.
{% endhint %}

Each report **MUST** include:

* Gitamic version (e.g. `2.0.0`)\
  `composer show simonhamp/gitamic | grep "versions :"`
* PHP version (e.g. `8.2.7`)\
  `php -v`
* Statamic version (e.g. `4.9.2`)\
  `php please -V`
* Laravel version (e.g. `10.14.1`)\
  `php artisan -V`
* Git version (e.g. `2.34.1`)\
  `git --version`

Besides these key details, please provide as much context as possible to allow me to assess and reproduce the vulnerability.

All reports will be acknowledged within 48 hours of receipt.

Your report will either be `ACCEPTED` or `DECLINED`, and you will be notified of this decision by reply to your original email.

If your report is accepted, I will work on a fix and you will be notified via email once the fix has been released.

**Note that I will not follow up on feature requests or bug reports at the above email address.** Please [report an issue](https://github.com/simonhamp/gitamic-support/issues) instead.

### Rewards

The first reporter of an accepted vulnerability report will receive a free Gitamic lifetime license **once the vulnerability has been mitigated**.

There is no cash alternative.

### Supported Versions

| Version | Supported            |
| ------- | -------------------- |
| > 1.0   | :white\_check\_mark: |


