Security¶
If you discover a vulnerability in pretalx, please report it to us so we can address it promptly.
Reporting vulnerabilities¶
Please report security vulnerabilities to support@pretalx.com. We will respond in a timely manner and work with you to understand and address the issue.
For encrypted communication, you can reach us at r@rixx.de (GPG key).
In your report, please include:
A description of the vulnerability
Steps to reproduce the issue
Any relevant technical details (versions, configurations, etc.)
If you find and report a vulnerability, please:
Allow reasonable time for us to address the issue before public disclosure
Do not access or modify data belonging to others
Do not degrade the availability of our services
Version support¶
Security support is provided for the current stable release only. Due to limited development bandwidth, we cannot provide security patches for older releases.
If you require support for previous releases, please contact support@pretalx.com.
We recommend keeping your pretalx installation up to date to ensure you receive security patches. See our Release cycle documentation for more details.
Announcements¶
Security issues are announced on our blog along with regular release announcements. Releases are also published on GitHub and PyPI.
Acknowledgements¶
As a small open source project, we are unable to offer financial rewards for vulnerability reports. However, we gratefully acknowledge all confirmed issues in our blog posts and release notes.