Reporting security bugs

If you discover a security issue in Libravatar, please report it to us privately so that we can push a fix to the main service before disclosing the problem publicly. We will credit you publicly (unless you don't want to) with this discovery.

To do so, talk to us at security@libravatar.org.

We will do our best to respond to you within 24-48 hours.

Also, please let us know if you are under any kind of publication deadline.

Security Hall of fame

We would like to thank the following people who have helped make Libravatar more secure by reporting security issues to us.

• Ahmed Adel Abdelfattah (@00SystemError00): improvement to mail configuration on libravatar.org and libravatar.com
• Putra Adhari: server-side request forgery in OpenID support