Version | Supported |
---|---|
6.3.x | ✅ |
<= 6.2.x | ❌ |
If you've found a security vulnerability in Zammad, please report the vulnerability exclusively via email to [email protected].
To send us a secure message, please use our public key below:
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEZVsi2RYJKwYBBAHaRw8BAQdAIm/0t+RboVPq5syrc0n9hP3UPH7xok7mNCqM
5R39oZi0JVphbW1hZCBTZWN1cml0eSA8c2VjdXJpdHlAemFtbWFkLmNvbT6ImQQT
FgoAQRYhBARIHz68FJQ7lF5Ox7snHWG50ZiEBQJlWyLZAhsDBQkSzAMABQsJCAcC
AiICBhUKCQgLAgQWAgMBAh4HAheAAAoJELsnHWG50ZiEM+MBAMMdppJHzPNRdgke
bv7+z591+LrQqsKJUBUHjlujsxrbAQCF9RRf2CSTaF2SBD9vrGxdL58Bb/AVs1t6
ZX/Xf/ozDLg4BGVbItkSCisGAQQBl1UBBQEBB0DtyQW5YnpS1MQ+umPKax706r+R
RJZRO63fma5e+rhaKgMBCAeIfgQYFgoAJhYhBARIHz68FJQ7lF5Ox7snHWG50ZiE
BQJlWyLZAhsMBQkSzAMAAAoJELsnHWG50ZiE9w8BAKj36yLaf7do05ObiTjpFR5P
iDa6aRHJSWDpdut8Q19jAQCfH1WZ2M/2VK0E03k6zcfc56m+z1gwdkq78dAunte2
BA==
=GDpl
-----END PGP PUBLIC KEY BLOCK-----
We will get back to you as soon as possible and inform you about the next steps. Accepted vulnerabilities will be disclosed via patch level release with accompanying security advisory.
Every first reporter of a vulnerability may be credited in the related security advisory.
Zammad does not offer financial compensation through a security bounty program.
- Potential security issues can be reported via [email protected].
- We evaluate them and provide timely feedback to the reporter.
- There may be security releases created if needed, e.g. https://zammad.com/en/releases/6-3-1.
- We publish security advisories for every acknowledged issue, like https://zammad.com/en/advisories/zaa-2024-04.
- After their publication, we request CVE identifiers to be assigned to the advisories.