# Security Policy

ImageMagick recommended practices **strongly** encourages you to configure a [security policy](https://imagemagick.org/script/security-policy.php) that suits your local environment.

## Supported Versions

We encourage users to upgrade to the lastest ImageMagick release to ensure that all known security vulnerabilities are addressed.  On request, we can backport a vulnerability to other ImageMagick versions.

## Reporting a Vulnerability

Post any vulnerability as an [issue](https://github.com/ImageMagick/ImageMagick/issues). Or you can post privately to the ImageMagick development [team](https://imagemagick.org/script/contact.php). Most vulnerabilities are fixed within 48 hours.

In addition, request a [CVE](https://cve.mitre.org/cve/request_id.html).  We rely on you to post CVE's so our development team can concentrate on delivering a robust security patch.