Reporting a Security Issue
==========================

Found a security issue in Symfony2? Don't use the mailing-list or the bug
tracker. All security issues must be sent to **security [at]
symfony-project.com** instead. Emails sent to this address are forwarded to
the Symfony core-team private mailing-list.

For each report, we first try to confirm the vulnerability. When it is
confirmed, the core-team works on a solution following these steps:

1. Send an acknowledgement to the reporter;
2. Work on a patch;
3. Write a post describing the vulnerability, the possible exploits, and how
   to patch/upgrade affected applications;
4. Apply the patch to all maintained versions of Symfony;
5. Publish the post on the official Symfony blog.

.. note::

    While we are working on a patch, please do not reveal the issue publicly.