We currently provide security updates for the following versions of GenForm:

We take the security of GenForm seriously. If you believe you have found a security vulnerability, please report it to us responsibly.

Please do not report security vulnerabilities through public GitHub issues.

Instead, please report them by:

1. Opening a Draft Security Advisory on GitHub (preferred).
2. Or by emailing the maintainers at [[email protected]].

Please include as much information as possible to help us understand and reproduce the issue:

• Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting)
• Full paths of source file(s) related to the manifestation of the issue
• The location of the affected code (tag/branch/commit or direct link)
• Any special configuration required to reproduce the issue
• Step-by-step instructions to reproduce the issue
• Proof-of-concept or exploit code (if possible)
• Impact of the issue, including how an attacker might exploit it

• We will acknowledge receipt of your report within 48 hours.
• We will investigate the issue and confirm the vulnerability.
• We will work on a fix and keep you updated on the progress.
• We will notify you once the fix is ready and ask you to verify it.
• We will release a security update and credit you for the discovery (if desired).

We follow a coordinated disclosure policy. We ask that you do not disclose the vulnerability publicly until we have had a chance to fix it and release an update. This helps protect our users from potential exploits.

For users of GenForm, we recommend:

• Keeping your installation up to date with the latest releases.
• Using strong, unique passwords for all accounts.
• Enabling Two-Factor Authentication (2FA) where available.
• Regularly reviewing your form permissions and access logs.

Thank you for helping keep GenForm secure!