Security is critical to online platforms, and this is echoed by FriendsOfFlarum.

We strive to fix security vulnerabilities before they reach end users, but we are just human and sometimes mistakes can happen.

This policy defines how we handle security vulnerabilites and disclosures.

We offer security patches for the latest versions of our extensions, and the latest version compatible with the previous core release.

If you find an issue on an older version of an extension, please attempt to recreate it on the latest version before you notify us.

If you find a security vulnerability in any of our packages, please notify us via email immediately.

Contact us: security@friendsofflarum.org.

We will get back to you as time allows. Discussions may commence internally, so you may not hear back immediately. When reporting a vulnerability, please provide your GitHub username (if available), so that we can invite you to collaborate with us on a security advisory on GitHub.