# Security policy

---

## Supported versions

We support **[the latest stable](https://github.com/JustArchiNET/ArchiSteamFarm/releases/latest)** release only. In addition to that, limited support applies to **[the latest pre-release](https://github.com/JustArchiNET/ArchiSteamFarm/releases)** version (if available). Check out our **[release cycle](https://github.com/JustArchiNET/ArchiSteamFarm/wiki/Release-cycle)** for more info.

---

## Security advisories

We announce security advisories for our program on **[GitHub](https://github.com/JustArchiNET/ArchiSteamFarm/security/advisories)**. Every entry includes detailed information about the security vulnerability it describes, especially affected versions, attack vectors, fixed versions as well as possible workarounds (if any).

---

## Reporting a vulnerability

We're doing our best to protect our community from all harm, therefore we take security vulnerabilities very seriously.

If you believe that you've found one, we'd appreciate if you let us know about it. You can do so by **[opening a security advisory](https://github.com/JustArchiNET/ArchiSteamFarm/security/advisories/new)**, where we'll do our best to evaluate your issue ASAP and keep you updated with the development status. If your vulnerability isn't crucial and doesn't result in a direct escalation, therefore can be known publicly while the appropriate fix is being implemented, you can also open a standard **[issue](https://github.com/JustArchiNET/ArchiSteamFarm/issues/new/choose)** instead.

Depending on the severity of the issue, we might take further actions in order to limit potential damage, for example by speeding up the release of the next stable ASF version. This is evaluated on a case-by-case basis.