The Percussion CMS team takes security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
To report a security issue, email [email protected] and include the word "SECURITY:" in the subject line.
NOTE: We will acknowledge you as the reporter by default unless you specify otherwise in your report.
The Percussion team will send a response indicating the next steps in handling your report. After the initial reply to your report, the team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.
If you have discovered a vulnerability in a third-party component or library, please report that vulnerability directly to that project's maintainer(s).
This project does not currently offer a bounty program.
If you need to validate signatures on files coming from Percussion, or you want to encrypt a file you're sending to us, you can grab our PGP public key from https://www.percussion.com/Assets/www.percussion.com/security/public_key.asc