Skip to content

Security: dubstar-04/FreeCAD

Security

SECURITY.md

Security Policy

The FreeCAD project is a FOSS (Free and Open-Source Software) project that has a community of thousands of users and hundreds of developers worldwide. We encourage responsible reporting of security vulnerabilities that may affect users of this software, and will endeavor to address these vulnerabilities when they are discovered.

Bounties

FreeCAD does not have a program to pay bounties for security bugs. If you discover a vulnerability that affects a part of the FreeCAD project (either directly in FreeCAD, in a library it depends on, or in any of the various other subprojects such as our website, forums, etc.) we ask you to join the large community of volunteer contributors and file a report about the issue.

Note that funds may be available from the FreeCAD Project Association (FPA) to pursue security research and/or the development of fixes to any vulnerabilities discovered. However, vulnerabilities held as hostage in demands for "bounties" will not be entertained. Contact the FPA at fpa@freecad.org for more information.

Supported Versions

FreeCAD implements security fixes to the current release series, and to the current development on the main branch.

Version Supported
1.1dev
1.0
< 1.0

Reporting a Vulnerability

To report a vulnerability use GitHub's security reporting tool: https://github.com/FreeCAD/FreeCAD/security/advisories/new

There aren’t any published security advisories