Mozilla-specific security issues
Security issues specific to discourse.mozilla.org should be filed on Bugzilla:
Please tick Restrict access to this bug to members of the “Confidential Mozilla Employee Bug” group., to ensure the bug report isn’t publicly accessible.
General issues relating to Discourse should be filed upstream: https://meta.discourse.org/c/bug
Please invite me to the topic upstream (my username is
If you’re in doubt about whether an issue is upstream or mozilla-specific, file it as a mozilla-specific issue and we can triage it.
Upstream security issues
Upstream security issues should be filed on HackerOne: https://hackerone.com/discourse
Please also file a security issue with us so we can keep track of it, following the process noted above. Please say that you’ve filed the issue upstream so we don’t ourselves.