It is highly appreciated to report a vulnerability to the Monal developers. We kindly ask you to not disclose it until it has been fixed. This prevents abuse and exploitation in the current published releases.
Please report issues directly via mail to info@monal-im.org.
Please try to report in detail:
- what you are concerned about
- if applicable, how to reproduce
- your contact details, if the sending email is not enough. That way we can ask questions back to you.
You are also invited to make a recommendation on how to fix a potential security vulnerability.
Once a vulnerability has been reported and confirmed we try our very best to provide a fix as soon as possible, at its best within days. However, depending on the potential issue it can take longer if many code sections need to be changed. Please keep in mind that this is a non-commercial software project run by volunteers.
Thank you for considering to report a security vulnerability. This improves the quality of the app significantly.