At Mautic, we are dedicated to ensuring the security of our software ecosystem and enhancing the experience of our developers and users. The diligent attention of community members and security researchers has significantly contributed to our ongoing commitment to create safer, more robust software.
huntr, our trusted partner in managing the reporting of and communication around software vulnerabilities, has announced that it will shift its strategic focus to handling only vulnerabilities in AI and ML libraries and frameworks rather than in all open source projects. That change necessitates a transition on our part too.
We want to ensure that we continue to maintain transparency and open channels of communication with our community on security issues.
With this in mind, we are happy to announce that we are moving to GitHub's built-in private vulnerability reporting system.
What does this mean for you?
If you have previously reported vulnerabilities or contributed to Mautic using huntr, you can now seamlessly navigate to the Security tab on our GitHub repository page and use the built-in form there to privately report any potential security vulnerability you discover.
While only the title and description are mandatory on this form, we encourage you to provide as much information as possible to aid our prompt and adequate response. Please check our guidelines on our website for how to write a great report.
Our Commitment
While we transition between these systems, we continue to be committed to the safety of our users and the integrity of our ecosystem. We assure our community that your alerts, concerns, and reports will be attended to with the due diligence and priority they deserve.
We will be communicating with the authors of all open reports as we transition systems and will be including several fixes in upcoming releases.
For a step-by-step guide on how to report a vulnerability using GitHub's built-in security tab, we recommend referring to the official GitHub reporting guidelines.
We appreciate the efforts of all our community members, and we value your continued contribution and support as we work together in building a safer and more secure Mautic community.
This is a companion discussion topic for the original entry at https://www.mautic.org/blog/community/mautic-adopts-githubs-private-security-reporting-system-vulnerability-reporting