# Security Policy

## Supported Versions

The following versions of **PHPCRM** are currently supported with security updates:

| Version | Supported |
|--------|-----------|
| Latest release | ✅ Yes |
| Older releases | ❌ No |

We strongly recommend always using the **latest stable version**.

---

## Reporting a Vulnerability

We take security seriously and appreciate responsible disclosure.

### 🔒 Please DO NOT report security vulnerabilities through public GitHub issues.

Instead, report them privately using one of the following methods:

- 📧 **Email:** security@phpcrm.com  
- 🌐 **Contact Form:** https://www.phpcrm.com/contact

### Include the following details:
- Description of the vulnerability  
- Steps to reproduce  
- Affected version(s)  
- Proof of concept (if available)  
- Your environment (PHP version, server, database)

---

## Response Process

Once a security report is received:

1. We will acknowledge receipt within **48 hours**
2. The issue will be reviewed and validated
3. A fix will be developed and tested
4. A security patch will be released
5. Credit will be given to the reporter (if requested)

---

## Security Best Practices

We recommend the following to keep your PHPCRM installation secure:

- Use the **latest PHP & MySQL versions**
- Keep file permissions properly restricted
- Use strong admin passwords
- Enable HTTPS (SSL/TLS)
- Regularly back up your database
- Restrict access to the `/app` directory and configuration files
- Keep third-party dependencies updated

---

## Third-Party Dependencies

PHPCRM relies on trusted third-party libraries.  
Any security issues related to dependencies are tracked and resolved as quickly as possible.

---

## Disclosure Policy

Security vulnerabilities are disclosed **responsibly** and **only after a fix is available**.

---

Thank you for helping keep **PHPCRM** secure 🙏  
Your responsible disclosure helps protect the entire community.
