Security Policy Reporting a Vulnerability Report a security vulnerability in the Application Core: https://github.com/freescout-help-desk/freescout/security/advisories Report a security vulnerability in a Module: https://freescout.net/contact-us/ Guidelines One issue per Advisory — do not put several issues into one Advisory, as GitHub will not assign a CVE to such an Advisory. CVEs are requested after the fix for the vulnerability is released. If you found an issue related to the APP_LIMIT_USER_CUSTOMER_VISIBILITY=true mode, make sure to read the FAQ. Support agents are allowed to move conversations to any mailbox, even to ones they don't have access to. FreeScout loads external images in received emails, and there is a Module allowing to disable loading external images: https://freescout.net/module/block-external-images/.