Private write-only category for security bugs


We are running Discourse for our open source community and it has been a success so far; previously we were using Google Groups and emails. One remaining group we haven’t migrated yet is our xyz-security list, which is private: users can only send emails and we reply back to them on security vulnerabilities. But the experience is terrible: Google Groups does not like email aliases, e-mail headers are screwed up, so replying is a nightmare.

Is there a way to set up something similar with Discourse? Our expectation would be to have some kind of category that regular users (or even anonymous users) can create posts in; however, they would never see topics other than their own. Thanks for the help!

Out of curiosity: how can one report a security vulnerability in Discourse itself? A quick Google search failed me.

We use HackerOne

You can use the group inbox feature for that. Users can either PM or email a security group, which will be the only one that can see/reply to those messages.


Thanks a bunch, both options look interesting indeed.

