Please do NOT disclose security-related issues in public, see instructions below.
October CMS is an evergreen product, no one version is singled out for security fixes because there is no way to update just one version. Builds are continually released and security fixes will always be available in the latest build. We encourage all users to upgrade their websites to the latest version.
In cases where there are platform versioning constraints, such as old version of Laravel or PHP, we will make a best effort to backport security fixes to these compatible versions.
If you discover a security vulnerability within October CMS, please send an email the security team at [email protected]. All security vulnerabilities will be promptly addressed.