If you discover a security vulnerability in taiga-back, please report it emailing privately to: security@taiga.io
Do not open public GitHub issues for security vulnerabilities. Public disclosure of detailed exploits can put users at risk.
Include as much detail as possible to help maintainers reproduce and fix the issue:
- Clear description of the problem or vulnerability
- Steps to reproduce (if applicable)
- Expected vs. actual behavior
- Potential impact and severity
- Affected versions, configurations, or environments
- Logs, screenshots, OS versions or proof-of-concept (if available)
Detailed reports help maintainers respond faster and release secure fixes.
Do not disclose the issue publicly until it has been addressed.
Allow maintainers reasonable time to investigate and resolve the problem before sharing details.
This policy applies to the taiga-back repository.
Thanks for helping keep Taiga secure.