Reporting security bugs

If you discover a security issue in ivatar, please report it to us privately so that we can push a fix to the main service before disclosing the problem publicly. We will credit you publicly (unless you don't want to) with this discovery.

The best way to do that is to file a security bug on our bug tracker . Make sure you change the bug visibility (see "This issue is confidential and should only be visible to team members with at least Reporter access") and set the 'Security' label.

Alternatively, you can talk to us at security@libravatar.org .
We will do our best to respond to you within 24-48 hours.
Also, please let us know if you are under any kind of publication deadline.

Security Hall of fame

We would like to thank the following people who have helped make ivatar/Libravatar more secure by reporting security issues to us.