The PagerDuty Security Team exists to provide help and advice related to PagerDuty security issues and to provide coordination of the handling of security vulnerabilities.
We strongly encourage the reporting of potential security vulnerabilities with our Vulnerability Report Form. Please note that the Vulnerability Report Form should only be used for reporting undisclosed security vulnerabilities in PagerDuty projects. We cannot accept regular bug reports or other security-related queries via the Form. All issues submitted via the Form that do not relate to an undisclosed security problem in a PagerDuty project will be ignored.
The general security mailing list address is: [email protected]. This is a private mailing list. Please submit one form for each vulnerability you are reporting.
Information on the published vulnerabilities for a PagerDuty project can usually be found on the project's GitHub wiki. If you can't find the information you are looking for on the project's GitHub wiki, you should ask your question on StackOverflow. The Vulnerability Report Form should not be used to ask questions about:
- How to configure PagerDuty securely.
- If a published vulnerability applies to specific versions of PagerDuty that you are using.
- If a published vulnerability applies to the configuration of the PagerDuty instance you are using.
- Obtaining further information on a published vulnerability.
- The availability of patches and/or new releases to address a published vulnerability.