Skip to content

Security Policy

Supported Versions

Version Supported
9.0.x ✅
< 9 ❌

Reporting a Vulnerability

If you find a security vulnerability in the download of the config, execution of the config, or something else, contact mastercoms through email directly: mastercoms@tuta.io.

If you have a solution for the issue, attach it as a patch file to the email.

You can expect a reply within 24 hours of your report with the next steps of action regarding the vulnerability. This may include a request to submit a pull request to resolve the vulnerability if applicable.

You should not disclose the vulnerability publicly unless you have not received a response after 1 month.

If the vulnerability is declined, you may post it publicly after 48 hours of its declination, unless the declination is retracted within that time period.

On the vulnerability being fixed, you may also disclose the vulnerability publicly after 1 week of the fix being deployed.


Last update: October 3, 2020