The InvenTree team take all security vulnerabilities seriously. Thank you for improving the security of our open source software. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.

Please report security vulnerabilities by emailing the InvenTree team at:

security@inventree.org

Someone from the InvenTree development team will acknowledge your email as soon as possible, and indicate the next steps in handling your security report.

The team will endeavour to keep you informed of the progress towards a fix for the issue, and subsequent release to the stable and development code branches. Where possible, the issue will be resolved within 90 days of reporting.