If you have spotted a vulnerability in a WP Jazz repository, please let us know immediately. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
You can always contact us directly at [email protected].
You can also create a security advisory on GitHub to securely and privately report a vulnerability to us:
https://github.com/wp-jazz/<repo-name>/security/advisories/new
We will send you a response as soon as possible and will keep you informed on our progress towards a fix and announcement.
Important
Please do not write to us publicly, such as in a forum or in a GitHub issue. A public report can give attackers valuable time to exploit the issue before it is fixed.
By letting us know directly and coordinating the disclosure with us, you can help to protect other Kirby users from such attacks.
Furthermore, leave it to us to request a CVE ID for each confirmed vulnerability. We will provide it to you in advance of the coordinated release.
Security backports are provided for some previous release series.
This Security Policy is adapted from Kirby's Security Policy, version 2024-02-25.
🎷