If you believe you've identified a security vulnerability in Mastodon (a bug that allows something to happen that shouldn't be possible), send an email to [email protected].
You should not report such issues on GitHub or in other public spaces to avoid exposing Mastodon's users to increased risk.
A "vulnerability in Mastodon" is a vulnerability in the code distributed through our main source code repository on GitHub. Vulnerabilities specific to Technodon.org (e.g. misconfiguration) should be reported at https://github.com/technodon-org/technodon/security/advisories
| Version | Supported |
|---|---|
| 4.0.x | Yes |
| 3.5.x | Yes |
| < 3.5 | No |