If you found a security issue, please contact us by:
- our huntr page
- a mail to [glpi-security AT ow2.org]
You should provide us all details about the issue and the way to reproduce it. You may also provide a script that can be used to check the issue exists.
Once the report will be handled, and if the issue is not yet fixed (or in progress) we'll add it to the GitHub security tab, and add you as observer. Meanwhile, you will reserve a CVE for the issue.
Thank you for improving the security of GLPI and its plugins.
We follow the same version support policy as GLPI. This means that we provide security patches to versions of the plugin that target a version of GLPI itself maintained from a security point of view.