Skip to content

Security: tutao/tutanota

SECURITY.md

Security Policy

Supported Versions

This Document applies to all Tuta Mail Clients, the backend services and our web site at https://tuta.com.

Reporting a Vulnerability

Please use github's disclosure feature on our main repo: https://github.com/tutao/tutanota/security

The process is documented here: https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability

If you do not have or want a github account, you can follow our guide to reporting security issues on our Support page on the topic: https://tuta.com/support/#report-vulnerability

We generally start investigating security issues as soon as we become aware of them and start patching them after confirming them. We will issue a public disclosure on our blog within 7 Days of disabling vulnerable clients.

Learn more about advisories related to tutao/tutanota in the GitHub Advisory Database