The MaEVe project takes security seriously. We make every possible effort to ensure users can adequately secure the CSMS, from the business logic to its underlying infrastructure. To that end, we continuously review security vulnerabilities, as well as security hotspots in the code, and provide fixes in a timely manner.

Please report security vulnerabilities in the Issues section of this github repository. By keeping security issues visible, we leverage our community in helping fix them promptly. Consequently, a patched version of MaEVe can be released to users.

If you are concerned sharing a vulnerability with the rest of the community, you can also send your report to our private team mailing list: maeve-team@thoughtworks.com

Our team will then review your request, and work with the maintainers of the affected component(s) to get the issue resolved.