If you have discovered a security issue in an OCA addon and want to report it responsibly, write us to [email protected].

Please provide the addon name, repository and a detailed description of the issue, as well as your understanding of how it could be exploited. If you are able to propose a patch, please attach one to your submission.

We try to acknowlege submissions within 10 days.

We then coordinate with the relevant Project Steering Committee (and addon maintainers if they are declared).

We provide early information about vulnerabilities to our members, via [email protected].