Security

Have you found a security related bug on SourceForge? Please review this document and let us know. We greatly appreciate security communities and those who disclose problems to us quickly so that we can take action. We provide public thanks and acknowledgement for verified reports.

Useful Information

We cover security vulnerabilities for SourceForge provided services, for example, pages on the http://sourceforge.net website, the Shell service, and File Release System downloads, etc.

When sending in a report, whenever possible, please provide as much information as necessary to reproduce the issue. For example, the URL where the vulnerability is located, the input required, screenshots, web browser and operating systems tested, etc. Accurate information will help us track down and expedite resolving the issue.

Download Mirrors

If you believe there is evidence that file hosting may be compromised, please be sure to indicate the exact files you downloaded, and the mirror you downloaded from. It is also helpful if you can check the file hashes of the downloaded files compared to what we report as the correct hash.

Contacting SourceForge with Security Vulnerabilities

If you've verified a vulnerability, please contact us as soon as possible by emailing security@sourceforge.net with full details and information on how to reproduce the issue.

Public Thanks and Acknowledgement

Once the bug has been fixed, if desired, we can provide public thanks and acknowledgement on this page, and we can give a mention via @sourceforge on Twitter, our Facebook page, and/or Google+ page.

* Vulnerability reported by several independent researchers