If you discover a security vulnerability within Statamic Boost, please send an email to the maintainer. All security vulnerabilities will be promptly addressed.
Please do not report security vulnerabilities through public GitHub issues.
- Initial response: Within 48 hours
- Status update: Within 7 days
- Fix timeline: Depends on severity, typically within 30 days
| Version | Supported |
|---|---|
| 1.x | ✅ |
When using Statamic Boost:
- Keep dependencies up to date
- Review MCP tool permissions in production
- Use environment-appropriate configurations
- Regularly update to the latest version