Potential security vulnerabilities can be reported directly us at [email protected]
. The Ghost Security Team communicates privately and works in a secured, isolated repository for tracking, testing, and resolving security-related issues.
The full, up-to-date details of our security policy and procedure can always be found in our documentation:
https://docs.ghost.org/security/
Please refer to this before emailing us. Thanks for helping make Ghost safe for everyone 🙏.