Skip to content

Security: getformwork/formwork

SECURITY.md

Security Policy

Supported Versions

Version Supported
>= 1.13.x
< 1.13.0

Reporting a Vulnerability

We appreciate anyone's effort to report vulnerabilities found in Formwork. Be responsible about disclosing the vulnerability

You can draft a security advisory with an explaination of the security issue you found and we'll work together to resolve it.

If you prefer you can still contact [email protected]

Warning

Remember that not informing about the vulnerability or publicly disclosing details about the vulnerability even on our Discord channels, or without us knowing, which is even worse, exposes Formwork users to unnecessary additional risk.

Important

Please do NOT use third party security reporting services, or authorities like MITRE to get CVE IDs, we like to keep everything at GitHub for better manageability. We'll request a CVE ID for confirmed vulnerabilities.

Learn more about advisories related to getformwork/formwork in the GitHub Advisory Database