Reporting Security Vulnerabilities

Although we try to be proactive in preventing security concerns, it is unfortunately inevitable that security breaches will be discovered in all software, including our own.

It is common practice in open source to disclose a security concern to the vendor in a responsible and private manner prior to publication, so that a patch can be prepared, and so that we can take proactive measures to protect FusionDirectory users.

What is a “security” issue ?

A security issue is a type of bug that can affect the security of FusionDirectory installations.

Specifically, it is a report of a bug that you have found in the code for FusionDirectory and that you have determined can be used to gain some level of access to a site running FusionDirectory that you should not have.

Where do I report security issues ?

If you would like to contact us with a security vulnerability or possible vulnerability, please contact us via email security@fusiondirectory.org. Please do not use this email for support.

Votre mail peut être sigYour email can be signed with the gpg key :

Benoit Mortier : 32BA 180F 6E14 7B5F 52BE 6322 EF2F F1E4 8638 EAD1

Dans tous les cas, vous ne devez pas partager les détails avec quelqu’un d’autre tant que le correctif du bogue n’a pas été officiellement rendu public.