# Security Policy

## Supported Versions

We're aiming to only support the latest major version of log4js. Older than that is usually _very_ old.

| Version | Supported          |
| ------- | ------------------ |
| 6.x     | :white_check_mark: |
| < 6.0   | :x:                |

## Reporting a Vulnerability

Report vulnerabilities via email to:

- Gareth Jones <gareth.nomiddlename@gmail.com>
- Lam Wei Li <lam_wei_li@hotmail.com>

Please put "[log4js:security]" in the subject line. We will aim to respond within a day or two.