SECURITY.md
# Security Policy
## Supported versions
The following table describes the versions of this project that are currently supported with security updates:
| Version | Supported |
| ------- | ------------------ |
| 6.x | :heavy_check_mark: |
| 5.x | :heavy_check_mark: |
## Responsible disclosure policy
At Sequelize, we prioritize security issues and will try to fix them as soon as they are disclosed.
If you discover a security vulnerability, please reach out to the project maintainers privately. You can find related information in [CONTACT.md](./CONTACT.md).
After validating & discussing scope of security vulnerability, we will set a time-frame for patch distribution. This time-frame may vary depending upon the nature of vulnerability.
Once affected versions are patched you may report security issue to any Node.js security vulnerability database. A few which we have worked with in past are listed below.
- [NPM](https://www.npmjs.com/advisories/report)
- [Snyk.io](https://snyk.io/vulnerability-disclosure)