You can find our full security documentation in our [handbook](https://handbook.rocket.chat/space/Handbook/74155072/%F0%9F%94%90+Security).

---

## Supported Versions

We currently provide security updates for the latest versions.  
You can find more information about this [here](https://docs.rocket.chat/docs/version-durability).

---

## Reporting Vulnerabilities

If you discover a security vulnerability, please report it by following the instructions below:

We accept reports through our **Bug Bounty VDP program** on the **HackerOne** platform, which you can access [here](https://hackerone.com/rocket_chat).

Alternatively, you can:

- Send an email to [security@rocket.chat](mailto:security@rocket.chat) with details about the vulnerability.
- Include as much information as possible:
  - Description
  - Affected version
  - Steps to reproduce
  - Identified impact
  - Proof of Concept (PoC)

> **Note:** At this time, we do not offer monetary rewards for reported vulnerabilities.

---

## Disclosure

We are committed to:

- Responsibly validating and fixing vulnerabilities.
- Notifying users when a security update is released.
- Formally acknowledging researchers who help improve Rocket.Chat's security.

---

## Thank You

Thank you for helping us keep this project safe for everyone!