Hello, We have received a security report from a researcher on our Discourse-hosted instance. I went over it and some of the details are not clear to me, due to my lack of understanding of the platform. I read the security guidelines, and it appears we need to submit it via HackerOne. The issue is…

Security report from third-party researcher

Falco (Falco) October 27, 2025, 1:25pm 2

Try asking the researched to submit it to HackerOne first. Researchers usually prefer that.

3 Likes

Topic		Replies	Views
Security issues from automated scans Support	2	105	October 15, 2024
What is Discourse's policy on penetration testing and reporting security bugs? Site feedback	4	3013	May 19, 2014
How secure is Discourse? Support	11	5706	May 15, 2019
Responsible Disclosure Support	5	1203	October 29, 2018
Greater transparency over severity of security issues Support	2	490	April 2, 2021