gunicorn/SECURITY.md
Benoit Chesneau 56b5ad87f8
Restore Python 3.10 and 3.11 support (#3425)
This change extends Python support back to 3.10 and 3.11, which are
still actively maintained by the PSF:
- Python 3.10: Security support until Oct 2026
- Python 3.11: Active support (latest feature release)
- Python 3.12: Active support
- Python 3.13: Latest stable release

The previous change to support only 3.12+ was too restrictive as many
users are still on Python 3.10 and 3.11 in production environments.

Changes:
- Updated pyproject.toml to set minimum Python to 3.10
- Added Python 3.10, 3.11, and PyPy 3.10 to CI matrix
- Updated all documentation to reflect Python 3.10+ requirement
- Maintained compatibility with latest pylint for Python 3.12+
2025-10-05 22:45:21 +02:00

31 lines
1.1 KiB
Markdown

# Security Policy
## Reporting a Vulnerability
**Please note that public Github issues are open for everyone to see!**
If you believe you are found a problem in Gunicorn software, examples or documentation, we encourage you to send your
report privately via [email](mailto:security@gunicorn.org?subject=Security%20issue%20in%20Gunicorn), or via Github
using the *Report a vulnerability* button in the [Security](https://github.com/benoitc/gunicorn/security) section.
## Supported Releases
At this time, **only the latest release** receives any security attention whatsoever.
Please target reports against :white_check_mark: or current master. Please understand that :x: will
not receive further security attention.
| Version | Status |
| ------- | ------------------ |
| 23.0.0 | :white_check_mark: |
| 22.0.0 | :x: |
| 21.2.0 | :x: |
| 20.0.0 | :x: |
| < 20.0 | :x: |
## Python Versions
Gunicorn runs on Python 3.10+, supporting Python versions that are still maintained by the PSF.
We *highly recommend* the latest release of a [supported series](https://devguide.python.org/versions/)
and will not prioritize issues affecting EoL environments.