To report a security issue, please use the GitHub Security tab.

For more information, please see GitHub's guidance about Privately reporting a security vulnerability.

If you'd prefer to use email, contact us at security@opencastsoftware.com.

Please include a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue.

Our security team will respond within 5 working days of your report.

If the issue is confirmed as a vulnerability, a security advisory will be created in GitHub by our security team.

This project follows a 90 day disclosure timeline.