You can find our full security documentation in our handbook.
We currently provide security updates for the latest versions.
You can find more information about this here.
If you discover a security vulnerability, please report it by following the instructions below:
We accept reports through our Bug Bounty VDP program on the HackerOne platform, which you can access here.
Alternatively, you can:
- Send an email to security@rocket.chat with details about the vulnerability.
- Include as much information as possible:
- Description
- Affected version
- Steps to reproduce
- Identified impact
- Proof of Concept (PoC)
Note: At this time, we do not offer monetary rewards for reported vulnerabilities.
We are committed to:
- Responsibly validating and fixing vulnerabilities.
- Notifying users when a security update is released.
- Formally acknowledging researchers who help improve Rocket.Chat's security.
Thank you for helping us keep this project safe for everyone!