Security Policy

Supported Versions

The Asterisk project maintains an Asterisk-Versions page on the project's
documentation website. Each version is listed with its release date, security fix
only date, and end of life date. Consult this wiki page to see if the version of
Asterisk you are reporting a security vulnerability against is still supported.

Reporting a Vulnerability

Please see the Asterisk Security Vulnerabilities page on the documentation website,
then use the "Report a vulnerability" button under the "Security" tab of this
project's GitHub repository.
Never use regular GitHub issues to report security vulnerabilities!

Do NOT use the "Start a temporary private fork" security advisory feature!

Private forks created from security advisories are severely limited by GitHub
and cannot run the workflows necessary for validation and testing.  Once an
advisory is accepted, the reporter will be given instructions on how to
submit or test a fix pull request.
