If you believe you have found a security vulnerability in any LibrePCB product (application, website, server, ...), please report it to us as described below.

Please do not report any security vulnerabilities through public GitHub issues. Instead, use the private reporting mechanism of GitHub Security Advisories:

https://github.com/LibrePCB/LibrePCB/security/advisories/new

The report should contain as much information as possible to help us understand and fix the vulnerability.

You should receive a response within 48 hours. If you do not, please notify us with an email to the address provided at https://librepcb.org/contact/ (ideally without sensitive information contained in the email).

If you don't have a GitHub account, you may send us the report directly to the mentioned email address. But note that this way we cannot provide encrypted communication.

We prefer any communication to be either in English or in German.