eZ Systems takes security very seriously. Here, you will find information on how to report security-related issues to us and how we process such issues. You can also find a history of security advisories in eZ Publish from 2006-present.

Reporting security issues

Please report all security-related issues in our issue tracker. When adding an issue, mark the bug type as "Security Bug" in the dropdown list on the right. This will notify the eZ Systems' security team in addition to making the issue visible to the poster. Our policy is to limit public knowledge about a security issue until we provide a fix for it.

Remember to select "Security Bug" when reporting security issues

Supported versions

eZ Systems only supports a limited set of versions. Community releases supported are currently the 4.0 and 4.1 versions

When we release new security advisories, we only check if supported versions are affected. Older, unsupported versions may or may not have the same security vulnerabilities. Security fixes or any bug fixes for older versions are not provided by eZ Systems unless you have support contracts (see Support and Services ). We urge users of older versions to upgrade their eZ Publish installations.