Portainer maintains both Short-Term Support (STS) and Long-Term Support (LTS) versions in accordance with our official Portainer Lifecycle Policy.

For a detailed breakdown of current versions and their specific End of Life (EOL) dates, please refer to the Portainer Lifecycle Policy.

The Portainer team takes the security of our products seriously. If you believe you have found a security vulnerability in any Portainer-owned repository, please report it to us responsibly.

Please do not report security vulnerabilities via public GitHub issues.

1. Report: Email your findings to [email protected].

2. Details: To help us verify the issue, please include:

   • A description of the vulnerability and its potential impact.

   • Step-by-step instructions to reproduce the issue (e.g. proof-of-concept code, scripts, or screenshots).

   • The version of the software and the environment in which it was found.

3. Acknowledge: We will acknowledge receipt of your report and provide an initial assessment.

4. Resolution: We will work to resolve the issue as quickly as possible. We request that you do not disclose the vulnerability publicly until we have released a fix and notified affected users.

If you follow the responsible disclosure process, we will:

• Respond to your report in a timely manner.

• Provide an estimated timeline for remediation.

• Notify you when the vulnerability has been patched.

• Give credit for the discovery (if desired) once the fix is public.

We will make every effort to promptly address any security weaknesses. Security advisories and fixes will be published through GitHub Security Advisories and other channels as needed.

Thank you for helping keep Portainer and our community secure.

• Contributing to Portainer