The IPFire Project takes security seriously and welcomes contributions from researchers and the community to keep our software and infrastructure secure.
Reporting Security Issues
If you discover a security vulnerability in IPFire or any related infrastructure, please report it privately to our security team:
We aim to acknowledge all reports promptly and will keep you informed about the progress of your report.
Responsible Disclosure
To protect our users, please give us a reasonable time to investigate and address the issue before any public disclosure. We coordinate disclosure timelines with researchers whenever possible.
Contributing Fixes
If you would like to help by submitting a patch, please follow the IPFire patch submission guidelines. Security-related patches are given priority.
Recognition
We value the efforts of security researchers and may publicly acknowledge significant contributions unless anonymity is requested.