The IPFire Project takes security seriously and welcomes contributions from researchers and the community to keep our software and infrastructure secure.
Reporting Security Issues
If you discover a security vulnerability in IPFire or any related infrastructure, please report it privately to our security team:
We aim to acknowledge all reports promptly and will keep you informed about the progress of your report. Please consider our rules on submitting any contributions to IPFire.
Responsible Disclosure
To protect our users, please give us a reasonable time to investigate and address the issue before any public disclosure. We coordinate disclosure timelines with researchers whenever possible.
Contributing Fixes
If you would like to help by submitting a patch, please follow the IPFire patch submission guidelines. Security-related patches are given priority.
Recognition
We value the efforts of security researchers and may publicly acknowledge significant contributions unless anonymity is requested.