How to report security issues

The latest instructions are in the security policy. Please follow those instructions closely.

Each installation comes with a security.txt file in the .well-known/security.txt. The demo site as well.

Bounty program

Firefly III has no bounty program. I have no money to pay you if you find anything.