The VuFind® project takes security seriously, and the code is written with security in mind. However, every application can have unanticipated security holes, and even a carefully-designed system can be insecure if configured incorrectly. This page collects security-related resources in one place.
See the Security for VuFind® Administrators page for step-by-step instructions on common security-related configuration needs as well as important best practice advice.
No vulnerabilities have been reported yet.
If you have discovered a security flaw in VuFind®, or if you have specific security-related concerns, please contact info@vufind.org to reach the Project Management Committee. The PMC will work with you to reach a satisfactory solution to your problem and make responsible disclosures to the community where necessary.
The vulnerability handling process is inspired by the Apache Software Foundation process, and it works like this: