Skip to content

Security: lennartack/roundcubemail

Security

SECURITY.md

Security Policy

Supported Versions

Check our website's download page to see which versions are still supported and will receive security updates.

Reporting a Vulnerability

If you found a security issue or vulnerability of the software, please report with direct and encrypted email to thomas[at]roundcube.net and alec[at]alec.pl. You can find the according PGP public keys on the major public keyservers like pgp.key-server.io.

Your report should include clear steps for reproduction and a classification of the found vulnerability.

Publishing and Credits

We're dedicated to analyze and fix the reported issues as fast a possible. Usually within days we'll have an update ready. Together with the reporter we plan the releasing and the disclousure of the found and fixed vulnerability. Credits to the reporter are granted and can be included in all public communication if desired.

There aren’t any published security advisories