# Security Policy You can join our security mailing list to be aware of the latest announcements from our security team. You can subscribe by sending an email to security+subscribe@traefik.io or on [the online viewer](https://groups.google.com/a/traefik.io/forum/#!forum/security). Reported vulnerabilities can be found on [cve.mitre.org](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=traefik). ## Supported Versions - We usually release 3/4 new versions (e.g. 1.1.0, 1.2.0, 1.3.0) per year. - Release Candidates are available before the release (e.g. 1.1.0-rc1, 1.1.0-rc2, 1.1.0-rc3, 1.1.0-rc4, before 1.1.0). - Bug-fixes (e.g. 1.1.1, 1.1.2, 1.2.1, 1.2.3) are released as needed (no additional features are delivered in those versions, bug-fixes only). Each version is supported until the next one is released (e.g. 1.1.x will be supported until 1.2.0 is out). We use [Semantic Versioning](https://semver.org/). | Version | Supported | |-----------|--------------------| | `2.2.x` | :white_check_mark: | | `< 2.2.x` | :x: | | `1.7.x` | :white_check_mark: | | `< 1.7.x` | :x: | ## Reporting a Vulnerability We want to keep Traefik safe for everyone. If you've discovered a security vulnerability in Traefik, we appreciate your help in disclosing it to us in a responsible manner, by creating a [security advisory](https://github.com/traefik/traefik/security/advisories).