vesta/SECURITY.md

Reporting Security Vulnerabilities

**If you believe you have discovered a security issue with VestaCP, please open a new private security vulnerability report through https://github.com/outroll/vesta/security/advisories/new.

You can also report security vulnerabilities to security@vestacp.com, and we will create a new security advisory for tracking the fix on your behalf.

We value the effort and contribution of independent security researchers and will credit security researchers in the release notes of the fix, on the following conditions:

• Vulnerabilities are not published publicly prior to the VestaCP releasing a fix; and
• Researchers provide at least 90 days to address the issue before disclosing it publicly.