Reporting security bugs
If you discover a security issue in ivatar, please report it to us privately so
that we can push a fix to the main service before disclosing the problem
publicly. We will credit you publicly (unless you don't want to) with this
The best way to do that is to file a security bug on our
. Make sure you change the bug visibility (see "This issue is confidential
and should only be visible to team members with at least Reporter access") and
set the 'Security' label.
Alternatively, you can talk to us at
We will do our best to respond to you within 24-48 hours.
Also, please let us know if you are under any kind of publication deadline.
Security Hall of fame
We would like to thank the following people who have helped make
ivatar/Libravatar more secure by reporting security issues to us.