The Textpattern Development Team can be contacted directly via firstname.lastname@example.org, whereby a member of our team will respond in due course. However, if your message is security-related, please adhere to the security reports information detailed below.
General email rules
Please refrain from using our email addresses to ask general questions about Textpattern CMS or to ask for support—rather, please make use of the extensive documentation and the support forum. General “How do I…?” questions and support enquiries will be politely ignored when sent to our contact or security email addresses. Thank you for your co-operation and interest in Textpattern!
We take security very seriously! If you wish to report a Textpattern security issue please ensure that you’ve taken care of the following security precautions:
- Take steps to ensure any vulnerability or issue is not due to a third party script, malfunctioning server, or insufficient security precautions taken by you or your server admin (such as weak passwords, for example).
- Report any and all security vulnerabilities to us first. Do not publicly disclose information about potential security bugs. It’s unhelpful, and can be damaging. We follow the RFPolicy 2.0, and expect you to in return.
- Allow us a reasonable amount of time to assess and correct the issue before sharing details with others or otherwise making details public.
- Provide details as to the nature of the vulnerability, and examples of the steps to replicate it.
- As we are a free, open-source project run by volunteers, we do not offer monetary rewards or provide ‘bug bounties’ for discovering and/or reporting security issues. All security reports should be considered free of charge and voluntary on your part. Thank you for your understanding.
Please report vulnerabilities directly to email@example.com, where they will be dealt with in a suitable urgency by the development team.