The Laminas Project takes security seriously
Reporting Potential Security Issues
If you have encountered a potential security vulnerability in the Laminas Project, please report it to us at firstname.lastname@example.org. We will work with you to verify the vulnerability and patch it.
When reporting issues, please provide the following information:
- Component(s) affected
- A description indicating how to reproduce the issue
- A summary of the security vulnerability and impact
We request that you contact us via the email address above and give the project contributors a chance to resolve the vulnerability and issue a new release prior to any public exposure; this helps protect Laminas Project users and provides them with a chance to upgrade and/or update in order to protect their applications.
For sensitive email communications, please use our PGP key.
The Laminas Project takes security seriously. If we verify a reported security vulnerability, our policy is:
- We will patch the current release branch, as well as the immediate prior minor release branch.
- After patching the release branches, we will immediately issue new security fix releases for each patched release branch.
- A security advisory will be released on the Laminas Project site detailing the vulnerability, as well as recommendations for end-users to protect themselves. Security advisories will be listed at https://getlaminas.org/security/advisories, as well as via a feed (which is also present in the website head for easy feed discovery)