For more information regarding dotCMS security polices and known security issues see our documentation site: https://dotcms.com/docs/latest/security-and-privacy
dotCMS is commited to backporting security fixes to our LTS versions for up to 2 years. These versions now include:
| Version | Supported |
|---|---|
| 21.06 LTS | ✅ |
| 5.3.8 LTS | ✅ |
| 5.2.8 LTS | ✅ |
| < 5.2.8 LTS | ❌ |
Wherever possible dotCMS will also provide an osgi/hotfix plugin that can remediate a security issue without having to update you dotCMS version.
Please see our responsible disclosure policy here: https://dotcms.com/docs/latest/responsible-disclosure-policy