BookStackApp
diff --git a/‎.github/SECURITY.md‎
Lines changed: 32 additions & 0 deletions b/‎.github/SECURITY.md‎
Lines changed: 32 additions & 0 deletions
diff --git a/‎app/Uploads/ImageRepo.php‎
Lines changed: 1 addition & 1 deletion b/‎app/Uploads/ImageRepo.php‎
Lines changed: 1 addition & 1 deletion
@@ -0,0 +1,32 @@
+# Security Policy
+
+## Supported Versions
+
+Only the [latest version](https://github.com/BookStackApp/BookStack/releases) of BookStack is supported.
+We generally don't support older versions of BookStack due to maintenance effort and
+since we aim to provide a fairly stable upgrade path for new versions.
+
+## Security Notifications
+
+If you'd like to be notified of new potential security concerns you can [sign-up to the BookStack security mailing list](https://updates.bookstackapp.com/signup/bookstack-security-updates).
+
+## Reporting a Vulnerability
+
+If you've found an issue that likely has no impact to existing users (For example, in a development-only branch)
+feel free to raise it via a standard GitHub bug report issue.
+
+If the issue could have a security impact to BookStack instances, please use one of the below 
+methods to report the vulnerability:
+
+- Directly contact the lead maintainer [@ssddanbrown](https://github.com/ssddanbrown). 
+  - You will need to login to be able to see the email address on the [GitHub profile page](https://github.com/ssddanbrown).
+  - Alternatively you can send a DM via Twitter to [@ssddanbrown](https://twitter.com/ssddanbrown).
+- [Disclose via huntr.dev](https://huntr.dev/bounties/disclose)
+  - Bounties may be available to you through this platform.
+  - Be sure to use `https://github.com/BookStackApp/BookStack` as the repository URL.
+
+Please be patient while the vulnerability is being reviewed. Deploying the fix to address the vulnerability
+can often take a little time due to the amount of preparation required, to ensure the vulnerability has
+been covered, and to create the content required to adequately notify the user-base.
+
+Thank you for keeping BookStack instances safe!
@@ -38,7 +38,7 @@ public function __construct(
      */
     public function imageExtensionSupported(string $extension): bool
     {
-        return in_array(trim($extension, '. \t\n\r\0\x0B'), static::$supportedExtensions);
+        return in_array(trim($extension, ". \t\n\r\0\x0B"), static::$supportedExtensions);
     }
 
     /**
Original file line number	Diff line number	Diff line change
`@@ -38,7 +38,7 @@ public function __construct(`
`38`	`38`	`*/`
`39`	`39`	`public function imageExtensionSupported(string $extension): bool`
`40`	`40`	`{`
`41`		`- return in_array(trim($extension, '. \t\n\r\0\x0B'), static::$supportedExtensions);`
	`41`	`+ return in_array(trim($extension, ". \t\n\r\0\x0B"), static::$supportedExtensions);`
`42`	`42`	`}`
`43`	`43`
`44`	`44`	`/**`