If you believe you have discovered a vulnerability in EspoCRM please contacts us via this or this forms.

For severe vulnerabilities we provide fixes for 2 minor versions (the second number in the version string) back from the current stable version. Separate patches or manual fix guidelines will be provided for more old versions.