Updated: March 10th, 2021
Reporting security vulnerabilities
Security vulnerabilities in the Friendica software can be reported two ways:
- Publicly on the official GitHub project page: https://github.com/friendica/friendica/issues
- Privately to the Friendica mailing list: info@friendi.ca
We do not have a specific policy regarding which vulnerabilities should be disclosed publicly or privately.
Bounties
The Friendica project doesn’t offer cash or anything else of a material value for reporting security vulnerabilities, whether they are confirmed or not.