Security Policy
Supported Versions
| Kirby Version | Support Status |
|---|---|
| 3.4.0 | ✅ Latest Kirby release, actively supported |
| 3.3.6+ | ✅ No known security issues |
| 2.5.13+ | ⚠️ Security support until 31.12.2020, no active development |
| 1.* | ❌ Not supported |
Past Security Incidents
| Affected versions | Description | Fixed in |
|---|---|---|
| <=3.3.5 | Registration block: .dev domains and some reverse proxy setups were treated as local | 3.3.6 |
Security Guide
Please follow our security guide to keep your Kirby installation secure.
Reporting a Vulnerability
If you have spotted a vulnerability in Kirby's core or the Panel, please make sure to let us know immediately. We take any report very seriously and we will react as soon as possible.
You can always write us directly at security@getkirby.com.
If you want to encrypt your message, our GPG key is 6E6B 057A F491 FFAD 363F 6F49 9101 10FA A459 E120.
Please do not write to us publicly, e.g. in the forum, as making security vulnerabilities public before they are fixed can give attackers valuable time to exploit the issue. By letting us know directly, you can protect other Kirby users from such attacks.