Security Policy

Before sending us any security or bug reports, please read the following carefully:

  • We are a small community, and all of us have full-time jobs outside of this project. This means we may not be able to respond to your report immediately - we appreciate your patience.

  • We do not offer a bug bounty program.

  • Please do not report any XML-RPC related vulnerabilities - we don’t use WordPress.

  • We do not consider the inclusion of a Google Maps API key in our JavaScript to be a vulnerability. Embedding the key in client-side code is the only way Google Maps works, and this is explicitly recommended by Google. It’s fine. Please take a deep breath and relax.

  • We review most other reports on a case-by-case basis. If you've found a genuine issue, there's a good chance you'll earn a spot in our Security Hall of Fame.

  • That said, please note: even if we respond to your report, it does not guarantee your name will be added to the Security Hall of Fame. Reports are reviewed by our developers, and only confirmed, valid issues are acknowledged in this way. If your report is accepted, you will be notified by email.

  • Please don’t request or insist on being added to the Security Hall of Fame. All reports are carefully reviewed, and valid ones will be credited appropriately.

Thanks for helping us keep things secure!

Planned Penetration or Security Testing – Important Notice

If you plan to test our security, you must follow the procedure below. Failure to do so will result in a permanent ban from our systems.

Required Steps

  1. Notify Us in Advance

    • Submit a ticket under General Enquiry to inform us of your planned security test.

  2. Provide Background Information

    • Share details such as your LinkedIn profile, website, or examples of previous security tests.

  3. Define Your Scope

    • Specify which part of our system you intend to test (e.g., Forums, Ticket System, etc.).

  4. Specify the Duration

    • Let us know how long your security scan or test will run.

  5. List Test Details

    • Provide any usernames, emails, or IP addresses you plan to use.

    • VPNs are not permitted.

  6. Tell Us How You Found Us

    • Let us know how you discovered our website.

  7. Report Findings Properly

    • Once approved, submit any vulnerabilities you find via a ticket under Bug Report.


Important

  • If you conduct tests without prior approval, we will treat your activity as a hostile threat.

  • Offenders will be permanently banned, and future account creation attempts using the same username, email, or IP will be blocked.

You must follow this procedure - or face the consequences.
