Skip to content

Security: avenjamin/freescout

SECURITY.md

Security Policy

Reporting a Vulnerability

Guidelines

  • One issue per Advisory — do not put several issues into one Advisory, as GitHub will not assign a CVE to such an Advisory.
  • CVEs are requested after the fix for the vulnerability is released.
  • If you found an issue related to the APP_LIMIT_USER_CUSTOMER_VISIBILITY=true mode, make sure to read the FAQ.
  • Support agents are allowed to move conversations to any mailbox, even to ones they don't have access to.
  • FreeScout loads external images in received emails, and there is a Module allowing to disable loading external images: https://freescout.net/module/block-external-images/.

There aren't any published security advisories