# OpenRefine Security Policy

## Supported Versions

| Version | Supported          |
| ------- | ------------------ |
| 3.4.x   | :white_check_mark: |
| <= 3.3   | :x:                |

## Reporting a Vulnerability

You can privately report a vulnerability to us by sending a report to this private mailing list [mailto:openrefine-coredev@googlegroups.com](mailto:openrefine-coredev@googlegroups.com)

Our core team will try their best to fix any valid vulnerability that is reported to them.

Keep in mind that OpenRefine is designed to run locally on a users PC, while also making network calls across the internet only upon a users choice or command.

As such, certain vulnerabilities might not apply to OpenRefine's design.