1# Security Policy 2 3## Supported Versions 4 5| Version | Supported | 6| ------- | ------------------ | 7| 14.0 | :white_check_mark: | 8| 13.0 | :white_check_mark: | 9| 12.0 | :white_check_mark: | 10| <=11.0 | :x: | 11 12## Reporting a Vulnerability 13 14Please share privately the details of your security vulnerability by contacting our Security Team: 15[Contact Info](https://www.odoo.com/security-report) 16 17Make sure to include as much information as possible, with the detailed steps to reproduce the problem, 18the versions that are affected, the expected results and actual results, and any other information that 19might help us react faster and more efficiently. 20 21We tend to prefer _text-based descriptions_ accompanied with a proof-of-concept script/exploit, rather 22than screenshots and videos. 23 24Our [Responsible Disclosure](https://www.odoo.com/security-report) page gives an overview of the 25process, including: 26 27 - Our Incident Response Procedure (what will happen after you report an issue) 28 - Our Rules (what you can and cannot do while researching security issues) 29 - Guidelines with **DO REPORT** and **DO NOT REPORT** issues 30 (what kind of issues will be accepted/rejected) 31 32 33## Important note 34 35We receive a majority of security reports that have little to no impact on the security of Odoo or 36the Odoo Cloud, and we ultimately have to reject them. To avoid a disappointing experience when 37contacting us, please try to put together a proof-of-concept attack and take a critical look at 38what's really at risk. 39If the proposed attack scenario turns out unrealistic, your report will probably be rejected. 40Also be sure to review our list of [non-qualifying issues](https://www.odoo.com/security-report#what). 41