Help Search

How can I report a security vulnerability?

Please send us an email at security@passbolt.com. Do not use Github or any other public channels. We ask that you keep the issue confidential until we have a fix and an announcement ready.

You can encrypt the content of your email using GPG with the following key:

017F E21B F15D 5825 6A3E 17AA 2494 727D EC92 2EA0

Once the security issue confirmed, our team will take the following actions:

  • Try to first reproduce the issue and confirm the vulnerability.
  • Acknowledge to the reporter that we’ve received the issue and are working on a fix.
  • Get a fix/patch prepared and create associated automated tests.
  • Prepare a post describing the vulnerability, and the possible exploits.
  • Release new versions of all affected major versions.
  • Prominently feature the problem in the release announcement.
  • Provide credits in the release announcement to the reporter if they so desire.

Not finding what you are looking for? You can also ask the community on the forum.

Talk to a human