Thank you for helping improve the security of MediaCMS. We take security vulnerabilities seriously and appreciate responsible disclosure.
If you discover a security vulnerability in MediaCMS, please do not open a public GitHub issue.
Instead, report it using one of the following methods:
-
GitHub Security Advisories (preferred)
Use the "Report a vulnerability" feature in this repository. -
Contact Form
Submit details via the official contact page:
https://mediacms.io/contact/
Please include as much of the following information as possible:
- Affected version(s)
- Detailed description of the issue
- Steps to reproduce (PoC if available)
- Impact assessment (e.g. RCE, XSS, privilege escalation)
- Any potential mitigations you are aware of
Security updates are provided for the latest stable release of MediaCMS. Older versions may not receive security patches.
- We aim to acknowledge reports within 7 days
- We aim to provide a fix or mitigation within 90 days, depending on severity
- Please allow us time to investigate before any public disclosure
We follow responsible disclosure practices and will coordinate disclosure timelines when appropriate.
At this time, MediaCMS does not operate a formal bug bounty program. However, we are happy to acknowledge valid security reports in release notes or advisories (with your permission).
Thank you for helping keep MediaCMS secure.