
Security: gitroomhq/postiz-app

SECURITY.md

Security Policy

Introduction

The Postiz app is committed to ensuring the security and integrity of our users' data. This security policy outlines our procedures for handling security vulnerabilities and our disclosure policy.

Reporting Security Vulnerabilities

If you discover a security vulnerability in the Postiz app, please report it through the GitHub Security Advisory system.

When reporting a security vulnerability, please provide as much detail as possible, including:

  • A clear description of the vulnerability
  • Proof of Concept
  • Steps to reproduce the vulnerability
  • Any relevant code or configuration files

If the report is immediately urgent, please contact one (or more) of the maintainers via email:

AI Reports

We do not evaluate or support security reports generated by LLMs (Large Language Models / AI). Any report that appears to be AI-generated will be closed on sight by one of our maintainers. However, if an AI-assisted report has been closely reviewed by a human, and provides a PoC (Proof of Concept), a reproduction guide, and the potential impact for Postiz, we may evaluate it in the same way as a human-written report.

Supported Versions

This project currently only supports the latest release. We recommend that users always use the latest version of the Postiz app to ensure they have the latest security patches.

Disclosure Guidelines

We follow a private disclosure policy. If you discover a security vulnerability, please report it to us privately via email to one of the maintainers listed above. We will respond promptly to reports of vulnerabilities and work to resolve them as quickly as possible.

We will not publicly disclose security vulnerabilities until a patch or fix is available to prevent malicious actors from exploiting the vulnerability before a fix is released.

Security Vulnerability Response Process

We take security vulnerabilities seriously and will respond promptly to reports of vulnerabilities. Our response process includes:

  • Investigating the report and verifying the vulnerability.
  • Developing a patch or fix for the vulnerability.
  • Releasing the patch or fix as soon as possible.
  • Notifying users of the vulnerability and the patch or fix.