# Security Policy

We appreciate your help in making Firezone secure! We take security issues very
seriously and strive to fix all security issues as soon as they're reported.

## Announcements

We'll announce major security issues on our security mailing list located at:

https://discourse.firez.one/?utm_source=security

## Supported Versions

We release security patches for supported versions of Firezone. We recommend
running the latest version of Firezone at all times.

## Reporting a Vulnerability

Please **do not** open a regular Github Issue for security issues you encounter.

Instead do one of the following and we'll respond as soon as possible:

- Open a GitHub security advisory by visiting:
  https://github.com/firezone/firezone/security/advisories/new
- Or, send an email to `security AT firezone.dev` describing the issue

## PGP Key

You may use the public key below to encrypt emails to
`security AT firezone.dev`. You can also find this key at:

https://keys.openpgp.org/vks/v1/by-fingerprint/250F8B56804107042DFC6A7345113BA04AD83D8A

```
-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEYYwK5BYJKwYBBAHaRw8BAQdA4ooDpwDy3V0wHCftM/LHD5e713LSr0SQy49j
oUMgHoS0KUZpcmV6b25lIFNlY3VyaXR5IDxzZWN1cml0eUBmaXJlem9uZS5kZXY+
iJkEExYKAEECGwMFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AWIQQlD4tWgEEH
BC38anNFETugStg9igUCZd5UNAUJCBSwUAAKCRBFETugStg9ipZYAP9UTWxLaEwP
rHfZfWFy1bvZxYClAW7PZGW48lp952S9PgEA0P4/kc8b0g2B8Lv2RmbpFffccsBH
kboJ0BiWGhMWSgu0JkZpcmV6b25lIFNlY3VyaXR5IDxzZWN1cml0eUBmaXJlei5v
bmU+iJoEExYKAEICGwMFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAFiEEJQ+L
VoBBBwQt/GpzRRE7oErYPYoFAmXeVDUFCQgUsFAACgkQRRE7oErYPYo3jgD/VTBn
aTyPqnSd9hcA80qamdyf+TeMoYu3jW43S0eCyjwBANgDIAd3QFPvgqHqE7fiByqZ
b7HxOmgCFemKfascb20MuDgEYYwK5BIKKwYBBAGXVQEFAQEHQPLzia/me7FOsFfA
JKWm0X1qC5byv2GWn6LZPV013AdoAwEIB4h+BBgWCgAmAhsMFiEEJQ+LVoBBBwQt
/GpzRRE7oErYPYoFAmRrk2IFCQah734ACgkQRRE7oErYPYpj5AEAi7rkkYEbpVqG
Hxmn2SXlb97PIZL2R/hBIajq1GLZJuUA/RF2hCxVYDgZr9AMeFlBn45y+oeAjyAL
mFEPjKjeDDkD
=yoyX
-----END PGP PUBLIC KEY BLOCK-----
```