We do take security very seriously, and vulnerabilities are publicly disclosed after a fixing version was released.
How To Report Security Bugs
- Reporting an issue: if you find a vulnerability in the code, please do not post an issue directly in Github or in the forum, but direclty send an email to security (at) pyd.io
- Scope of disclosure: If you would like to limit further dissemination of the information in the report, please say so in it. Otherwise the Pydio team may share information with other vendors if we find they may be affected by the same vulnerability. The Pydio Team will handle the information you provide responsibly.
- Getting feedback: We cannot guarantee a prompt human response to every security bug filed. Still, it will probably a matter of hours before you get an answer. If you don’t, please try contacting us by other means to check that the message was correctly received and acknowledged.