If you discover a vulnerability with our software or server systems, please report it to us in private. Do not to attempt to harm our users, customer's data or our system's availability when looking for vulneratbilities.

Please contact us at security@pretix.eu with full details and steps to reproduce and allow reasonable time for us to resolve the issue before publishing your findings. If you wish to encrypt your email, you can find our GPG key here.

We're not large enough to run a formal bug bounty program, but if you find a serious vulnerability in our service, we will find a way to show our gratitude.

Security support is provided for the current stable release as well as the two previous stable releases. Be sure to keep your pretix installation up to date.

New releases and security issues will be announced on our blog. If you subscribe to our newsletter in the "News about self-hosting pretix" category, we will also send you an email on security issues.

Past security issues are listed on our website.