Security Policy

Supported Versions

Until we have the version 1.0 we support only the last minor and major version with security updates.

Reporting a Vulnerability

Security is very important to us.

If you have any issue regarding security, please disclose the information responsibly by sending an email to security [at] decidim [dot] org and not by creating a github/metadecidim issue. We appreciate your effort to make Decidim more secure.

We recommend to use GPG for these kind of communications, the fingerprint is C1BD 8981 D83C 23F9 D419 FE42 149A D0F9 84B9 35C4. To download our key:

gpg --keyserver pgp.mit.edu --recv 84B935C4