Please do not report security vulnerabilities through public GitHub issues.
Instead, open a private issue via GitHub's security advisory feature, or if you cannot access that, open a regular issue with only minimal details and the maintainer will follow up privately.

Issue tracker: https://github.com/erinversfeldcodes/thestacks/issues

The Stacks is a self-hosted platform. Security reports are welcome for:
- Authentication or authorisation bypasses
- SQL injection or data exposure risks
- GDPR/privacy violations in the data model
- Dependency vulnerabilities with a clear attack path

The maintainer will acknowledge receipt within 5 business days and aim to provide a fix or mitigation timeline within 30 days for confirmed vulnerabilities.

This project is in active early development. Only the latest commit on main is supported.