Skip to content

Security: ChurchCRM/CRM

SECURITY.md

Security Policy

Reporting a Vulnerability

At ChurchCRM, we take the security of our software seriously. If you discover any security issues, we appreciate your cooperation in responsibly disclosing the information to us.

To report a security vulnerability, file a github issue include the following details:

  • Description of the vulnerability
  • Steps to reproduce the vulnerability
  • Any relevant information on the environment and configurations

Scope

Please note that the following activities are considered within the scope of our responsible disclosure process:

  • Reporting security vulnerabilities directly to us
  • Providing details necessary for us to reproduce and validate the vulnerability

No Security Testing on Demo Sites

For security and stability reasons, we kindly request that you do not perform any security testing on the demo sites provided by ChurchCRM. The demo sites are for showcasing purposes only, and any attempts to identify or exploit security vulnerabilities on these sites may lead to unintended disruptions.

If you are interested in security testing or assessments, please focus your efforts on your local development environments or any instances you have set up for testing purposes.

Thank you for your understanding and cooperation in making ChurchCRM a more secure platform.

Supported Versions

Version Supported PHP Version
5.3 + >=8.1
5.0 - 5.2.x 8.1
4.0.x 7.2.x 7.3.x
3.0.x 7.x
2.0.x 5.6 7.0 7.1
Learn more about advisories related to ChurchCRM/CRM in the GitHub Advisory Database