The following Structr versions are currently supported with security updates:
| Version | Supported | End of Life (EOL) |
|---|---|---|
| 6.x | β | 31-DEC-2027 |
| 5.x | β | 31-DEC-2026 |
| 4.2.x | β | 31-DEC-2025 |
| 4.1.x | β | 31-DEC-2024 |
| 4.0.x | β | 31-DEC-2023 |
| 3.6.x | β | 31-JUL-2023 |
| < 3.5.0 | β | 31-DEC-2022 |
| 4.3-SNAPSHOT | β | Not ready for production |
Only supported versions receive security fixes.
If you discover a security vulnerability in Structr, please report it responsibly.
Do not disclose security issues publicly until they have been reviewed and addressed.
Please report security vulnerabilities via email:
security-incident-report@structr.com
Include the following information where possible:
- A description of the issue
- Steps to reproduce
- Potential impact
- Affected versions
- Any proof-of-concept or relevant logs
- Reports are acknowledged as quickly as possible
- You will receive regular status updates (at least daily)
- Issues are assessed and prioritized immediately
- In case of acceptance, a security patch is typically provided within 48 hours
- Fixes are released responsibly
- Credit may be given to reporters upon request
For non-trivial vulnerabilities, bug bounties may be offered at the discretion of Structr GmbH.
Structr GmbH offers commercial services related to security, including:
- Security consulting
- Hardening recommendations
- Assisted upgrades and patching
- Support for enterprise and public-sector deployments
For commercial inquiries, please contact:
Structr GmbH
https://structr.com
info@structr.com