This document outlines security procedures and general policies for the Django website (djangoproject.com) and Django documentation(docs.djangoproject.com). This is separate from Django's security policies.
The Django website working group is committed to responsible reporting and disclosure of security-related issue on our website. We appreciate your efforts and responsible disclosure.
Report security bugs and issues by creating a new vulnerability report in the djangoproject.com repository.
Once you’ve submitted a security vulnerability report, the website working group will begin their analysis. Depending on the action to be taken, you may receive followup emails. It can take several weeks before the website working group comes to a conclusion and resolves the issue.
While reporting a security issue related to the Django website, we encourage you to include a runnable proof of concept to reproduce the issue. That will help us analyse the issue better.
If you have suggestions on how this process could be improved please create a pull request by editing this file.