If you believe you have discovered a vulnerability in EspoCRM, please contact us via this or this form, or create a private vulnerability report on GitHub.
For severe vulnerabilities we provide fixes for 2 minor versions (the second number in the version string) back from the current stable version.